From owner-freebsd-security Thu Mar 28 18:55:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id D949437B416; Thu, 28 Mar 2002 18:55:52 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.6) id g2T2tqi09556; Thu, 28 Mar 2002 21:55:52 -0500 (EST) (envelope-from wollman) Date: Thu, 28 Mar 2002 21:55:52 -0500 (EST) From: Garrett Wollman Message-Id: <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu> To: "Crist J. Clark" Cc: security@FreeBSD.ORG Subject: Re: make world and setuid bits In-Reply-To: <20020328174304.L97841@blossom.cjclark.org> References: <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter> <20020328174304.L97841@blossom.cjclark.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > Some sites may use this policy, but I would never like it. It requires > direct logins as root. It may make some sense in limited circumstances. For example, my Kerberos KDC has only one interactive user (root), does not support network login (duh!), and is locked in a box in one of my machine rooms. *Any* escalation of privilege on that machine represents a serious security problem. > passwd(1), at(1), crontab(1), login(1), su(1), some or most of those > would be required for almost any multiuser installation. Actually, only passwd is required for most users. People who are not administrators have no need for at, crontab, or su, and the only process which normally runs login is getty. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message