From owner-freebsd-hackers  Tue Jul 22 06:48:16 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id GAA28848
          for hackers-outgoing; Tue, 22 Jul 1997 06:48:16 -0700 (PDT)
Received: from news1.gtn.com (news1.gtn.com [192.109.159.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA28814
          for <hackers@FreeBSD.ORG>; Tue, 22 Jul 1997 06:47:55 -0700 (PDT)
Received: (from uucp@localhost) by news1.gtn.com (8.7.2/8.7.2) with UUCP id PAA29497; Tue, 22 Jul 1997 15:30:33 +0200 (MET DST)
Received: (from andreas@localhost)
	by klemm.gtn.com (8.8.6/8.8.6) id HAA17133;
	Tue, 22 Jul 1997 07:41:50 +0200 (CEST)
Message-ID: <19970722074150.52808@gtn.com>
Date: Tue, 22 Jul 1997 07:41:50 +0200
From: Andreas Klemm <andreas@klemm.gtn.com>
To: Jaye Mathisen <mrcpu@cdsnet.net>
Cc: Terry Lambert <terry@lambert.org>, sthaug@nethelp.no, hackers@FreeBSD.ORG
Subject: Re: sendmail complains about being unable to write his pid file
References: <199707212106.OAA11898@phaeton.artisoft.com> <Pine.NEB.3.95.970721151455.28740J-100000@mail.cdsnet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.79
In-Reply-To: <Pine.NEB.3.95.970721151455.28740J-100000@mail.cdsnet.net>; from Jaye Mathisen on Mon, Jul 21, 1997 at 03:19:33PM -0700
X-Disclaimer: A free society is one where it is safe to be unpopular
X-Operating-System: FreeBSD 3.0-CURRENT SMP
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, Jul 21, 1997 at 03:19:33PM -0700, Jaye Mathisen wrote:
> 
> Well, just to throw in my 2 bits, I don't really care who owns it, because
> if root is compromised, who gives a flying leap about files being bin.bin,
> your system is still open.

Ok, true, but we don't speak about an already compromised server machine,
we speak about a server machine, that might be less compromised, by
giving the files other permissions.

Ok, I also agree, that it's not a fine thing to do the following:

server: /etc/exports		/usr	rw=client1
server: /etc/hosts.equiv	client1

But if someone would do so who is not such a security freak, it
would help, that the machine isn't crashed within minutes ...


-- 
Andreas Klemm | klemm.gtn.com - powered by
                    Symmetric MultiProcessor FreeBSD
                       http://www.freebsd.org/~fsmp/SMP/SMP.html
                          http://www.freebsd.org/~fsmp/SMP/benches.html