From: Jason Stone
Date: Fri, 29 Mar 2002 03:16:56 -0800 (PST)
Subject: Re: make world and setuid bits
In-Reply-To: <20020328174304.L97841@blossom.cjclark.org>
Message-ID: <20020329025937.G5333-100000@walter>
Sender: owner-freebsd-security@FreeBSD.ORG

> passwd(1), at(1), crontab(1), login(1), su(1), some or most of those
> would be required for almost any multiuser installation.

at and crontab I don't provide, and since I use ssh exclusively, login is
not necessary.  passwd is usually the only binary I leave setuid.

I don't want this thread to get too theological, but my preferred way of
handling root users is to use ssh with rsa keys and patch sshd to log key
fingerprints for root logins (actually, the current openssh finally
includes this feature by default) and to totally avoid su.  This gives me
the accountability I desire, it ensures that all root logins are over ssh,
and it makes managing root access much easier and way less error prone.

As for mount -o nosuid, I do that when I can, but it's not granular enough
for many circumstances.  Sometimes I want to have a single setuid binary
like passwd, and frequently I want to have non-root setuid binaries (I
feel pretty comfortable with man, for example).

> If you can come up with some reasonably non-obtrusive patches to the
> build to control this with some make.conf(5) knobs, we can have a look
> at the practicality.

That's fair - if I do send a patch, do you suppose it's likely it would
get included?  I'm imagining just wrapping the assignment of BINMODE in an
ifdef for the sixty-ish or so Makefiles that use it to set special bits.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin
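
An added example, not part of the original message or of the FreeBSD build: a post-install audit in the spirit of the per-binary control discussed above, listing every setuid/setgid file under a tree that is not on an explicit allowlist. The function name `audit_setid` and the allowlist format (one absolute path per line, `#` comments) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report setuid/setgid regular files that are not allowlisted.
# Hypothetical usage: audit_setid / /usr/local/etc/setid.allow
#
# audit_setid ROOT ALLOWLIST
#   ROOT       directory tree to scan (find stays on ROOT's filesystem)
#   ALLOWLIST  file with one absolute path per line; '#' lines never match
#              an absolute path, so they act as comments
# Prints "KIND<TAB>OWNER<TAB>PATH" per unexpected file.
# Returns 0 when nothing unexpected is found, 1 otherwise.
# Limitation: paths containing newlines are not handled.
audit_setid() {
    root=$1
    allow=$2
    hits=$(
        # -perm -4000 matches setuid, -perm -2000 matches setgid.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sort |
        while IFS= read -r path; do
            # Whole-line, fixed-string comparison: no regex or prefix matches,
            # so allowing /usr/bin/man does not allow /usr/bin/man2.
            if grep -Fxq -- "$path" "$allow"; then
                continue
            fi
            kind=""
            [ -u "$path" ] && kind="setuid"
            [ -g "$path" ] && kind="${kind:+$kind,}setgid"
            # Owner matters: a root-owned setuid file grants root, while a
            # non-root one grants only that account's privileges.
            owner=$(ls -ld -- "$path" | awk '{print $3}')
            printf '%s\t%s\t%s\n' "$kind" "$owner" "$path"
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
```

Run it after each installworld so a rebuild that restores special bits shows up as a non-zero exit rather than going unnoticed.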