From owner-freebsd-security  Thu Mar 28 20:40:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by hub.freebsd.org (Postfix) with ESMTP id 5F6E137B421
	for <security@FreeBSD.ORG>; Thu, 28 Mar 2002 20:40:54 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020329044054.OGUI2951.rwcrmhc53.attbi.com@blossom.cjclark.org>;
          Fri, 29 Mar 2002 04:40:54 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g2T4erj68836;
	Thu, 28 Mar 2002 20:40:53 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 28 Mar 2002 20:40:53 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: security@FreeBSD.ORG
Subject: Re: make world and setuid bits
Message-ID: <20020328204053.O97841@blossom.cjclark.org>
References: <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter> <20020328174304.L97841@blossom.cjclark.org> <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>; from wollman@lcs.mit.edu on Thu, Mar 28, 2002 at 09:55:52PM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Mar 28, 2002 at 09:55:52PM -0500, Garrett Wollman wrote:
> <<On Thu, 28 Mar 2002 17:43:04 -0800, "Crist J. Clark" <cjc@FreeBSD.ORG> said:
> 
> > Some sites may use this policy, but I would never like it. It requires
> > direct logins as root.
> 
> It may make some sense in limited circumstances.  For example, my
> Kerberos KDC has only one interactive user (root), does not support
> network login (duh!), and is locked in a box in one of my machine
> rooms.  *Any* escalation of privilege on that machine represents a
> serious security problem.

Again, personally, if more than one user has access to the machine, I
prefer to have people individual accounts and su(1) to root for the
sake of an audit trail (Obviously, people who have root and physical
access can almost certinly tamper with the logs, but it is still
useful). YMMV.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message