From owner-freebsd-security Sat Dec 14 12:28:43 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id MAA08269 for security-outgoing; Sat, 14 Dec 1996 12:28:43 -0800 (PST) Received: from redmare.com (brian@lin-pm4-027.inetnebr.com [206.222.211.27]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id MAA08251 for ; Sat, 14 Dec 1996 12:28:37 -0800 (PST) Received: from localhost (brian@localhost) by redmare.com (8.7.4/8.7.3) with SMTP id OAA02639; Sat, 14 Dec 1996 14:24:16 -0600 (CST) X-Authentication-Warning: redmare.com: brian owned process doing -bs Date: Sat, 14 Dec 1996 14:24:15 -0600 (CST) From: Brian Mitchell X-Sender: brian@redmare.com To: Christian Hochhold cc: freebsd-security@FreeBSD.ORG Subject: Re: questions... In-Reply-To: <199612141931.PAA05834@eternal.dusk.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 14 Dec 1996, Christian Hochhold wrote: > Hello, > > Could someone answer a quick question for me, > it would be most appreciated. > > The /sbin directory's ( as an example ) files seem to > be executable by anyone on the system. > I have changed a few of the files ( ie. dmesg ) > to be executable by root as well as > the bin group only. > > What files should I be most concerned about that > users can execute ( such as ifconfig ) but really > have no business to? > > What about directories such as / ? > Unless they are privledged programs, why bother changing the permissions? If the user really wants to run that non-privledged bin, he can upload a copy of it himself, chmod it and execute it. sgid or suid binaries, on the other hand, are a entirely different matter. Brian Mitchell / brian@saturn.net