From owner-freebsd-hackers  Tue Jul 22 08:35:07 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA04940
          for hackers-outgoing; Tue, 22 Jul 1997 08:35:07 -0700 (PDT)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA04926
          for <hackers@freebsd.org>; Tue, 22 Jul 1997 08:35:00 -0700 (PDT)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id JAA05427; Tue, 22 Jul 1997 09:34:41 -0600 (MDT)
Date: Tue, 22 Jul 1997 09:34:41 -0600 (MDT)
Message-Id: <199707221534.JAA05427@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Andreas Klemm <andreas@klemm.gtn.com>
Cc: Jaye Mathisen <mrcpu@cdsnet.net>, Terry Lambert <terry@lambert.org>,
        sthaug@nethelp.no, hackers@freebsd.org
Subject: Re: sendmail complains about being unable to write his pid file
In-Reply-To: <19970722074150.52808@gtn.com>
References: <199707212106.OAA11898@phaeton.artisoft.com>
	<Pine.NEB.3.95.970721151455.28740J-100000@mail.cdsnet.net>
	<19970722074150.52808@gtn.com>
X-Mailer: VM 6.29 under 19.15 XEmacs Lucid
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > Well, just to throw in my 2 bits, I don't really care who owns it, because
> > if root is compromised, who gives a flying leap about files being bin.bin,
> > your system is still open.
> 
> Ok, true, but we don't speak about an already compromised server machine,
> we speak about a server machine, that might be less compromised, by
> giving the files other permissions.

If you export files 'rw', you're machine can be compromised by any
machine that has access to the packets.  You're fooling yourself if you
believe otherwise.



Nate