From owner-freebsd-security  Sun Nov 15 22:59:51 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA27731
          for freebsd-security-outgoing; Sun, 15 Nov 1998 22:59:51 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id WAA27724
          for <freebsd-security@freebsd.org>; Sun, 15 Nov 1998 22:59:30 -0800 (PST)
          (envelope-from imp@village.org)
Received: from harmony [10.0.0.6] 
	by rover.village.org with esmtp (Exim 1.71 #1)
	id 0zfIcY-0001PN-00; Sun, 15 Nov 1998 23:58:46 -0700
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id XAA01912; Sun, 15 Nov 1998 23:58:02 -0700 (MST)
Message-Id: <199811160658.XAA01912@harmony.village.org>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Subject: Re: Would this make FreeBSD more secure? 
Cc: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 16 Nov 1998 07:29:37 +0100."
		<19981116072937.E969@internal> 
References: <19981116072937.E969@internal>  <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com> <19981115192224.A29686@internal> <199811152210.PAA01604@harmony.village.org> 
Date: Sun, 15 Nov 1998 23:58:02 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <19981116072937.E969@internal> Andre Albsmeier writes:
: > Back to the original thread, I'm not sure how making more programs
: > setgid would help system security.  Small ones that are easy to audit
: 
: Well, if you make it setgid and use 640 on the password file, you
: a) can't write to the pw file directly any more
: b) have to crack the root pw from the still readable pw file in order
:    to become root.
: 
: Now you are root immediately.

Now you have to have root in order to get root.  /etc/passwd is
readable by everybody, but so what.  There are no passwords in it.
The master password file, on the other hand, is readable only by
root.

It is true that a stack smashing attack would get you only group pw if
you made this change.  Hmmm, that might be worth it.

: BTW, by examining the xlockmore configure file I found that I am not
: the first one thinking of it:

Not being the first to think of it doesn't make it right. :-)

This would plug some potential holes in a small number of
applications.  I'm not sure that it is worth it on the effort/return
front.  I can think of only a few programs that might benefit from
this, and a similar benefit could likely be had with a PAM module that
talked to a password server which did all the right things.  However,
that too add complexity, which makes it harder to secure things....

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message