From owner-freebsd-security  Fri Jul  9 15: 9:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lazlo.internal.steam.com (lazlo.steam.com [199.108.84.37])
	by hub.freebsd.org (Postfix) with ESMTP id 527FA14E8F
	for <security@FreeBSD.ORG>; Fri,  9 Jul 1999 15:09:17 -0700 (PDT)
	(envelope-from cliff@steam.com)
Received: from lazlo.internal.steam.com (cliff@lazlo.internal.steam.com [192.168.32.2])
	by lazlo.internal.steam.com (8.9.3/8.9.3) with ESMTP id PAA05907;
	Fri, 9 Jul 1999 15:10:39 -0700 (PDT)
Date: Fri, 9 Jul 1999 15:10:39 -0700 (PDT)
From: Cliff Skolnick <cliff@steam.com>
X-Sender: cliff@lazlo.internal.steam.com
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Warner Losh <imp@village.org>,
	Gustavo V G C Rios <kernel@tdnet.com.br>, security@FreeBSD.ORG,
	bos-owner-br@sekure.org
Subject: Re: suid/guid
In-Reply-To: <xzpr9mhr3oo.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.10.9907091505140.2365-100000@lazlo.internal.steam.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I have cron jobs that want this info, and I would rather not run my cron
jobs as root.  IMHO a few setuid root, or setgid something executables are
way better than setuid root cron scripts. 

I usually run my cron jobs as normal user like accounts, but I guess I could
add groups to these specific accounts if needed.  Better than root, but the
account now has a higher class that normal users so it becomes an attractive
target.

Cliff

On 9 Jul 1999, Dag-Erling Smorgrav wrote:

> Warner Losh <imp@village.org> writes:
> > Agreed.  I'm also starting to think that a system-wide tunable that
> > would turn off almost all of the set[ug]id installation.  Almost
> > nobody needs setuidperl, for example.  If df is installed w/o setgid
> > operator, almost no functionality is lost.  etc.  Of course exatly
> > what would be lost would be documented.  Comments?
> 
> None on the general concept - but one on the specific example: who
> except root needs to know what df(1) can report when sgid operator?
> 
> DES
> -- 
> Dag-Erling Smorgrav - des@flood.ping.uio.no
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

--
Cliff Skolnick          | "They that can give up essential liberty to obtain
Steam Tunnel Operations |  a little temporary safety deserve neither liberty
cliff@steam.com         |  nor safety."
http://www.steam.com/   |                   -- Benjamin Franklin, 1759



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message