From owner-freebsd-security Wed Aug 7 23:18:16 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id XAA13713 for security-outgoing; Wed, 7 Aug 1996 23:18:16 -0700 (PDT)
Received: from scapa.cs.ualberta.ca (root@scapa.cs.ualberta.ca [129.128.4.44])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA13708 for ;
    Wed, 7 Aug 1996 23:18:15 -0700 (PDT)
Received: from ve6kik by scapa.cs.ualberta.ca with UUCP id <13071-14786>;
    Thu, 8 Aug 1996 00:18:01 -0600
Received: from alive.ampr.ab.ca by ve6kik.ampr.ab.ca with uucp
    (Smail3.1.28.1 #5) id m0uoOFp-000OHOC; Thu, 8 Aug 96 00:07 WET DST
Received: by alive.ampr.ab.ca (Linux Smail3.1.29.1 #2) id m0uoO7X-00028EC;
    Wed, 7 Aug 96 23:58 MDT
Date: Wed, 7 Aug 1996 23:58:58 -0600 (MDT)
From: Marc Slemko
To: freebsd-security@freebsd.org
Subject: Re: Two problems I have with FreeBSD security
In-Reply-To: <199608071632.JAA02642@kdat.calpoly.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 7 Aug 1996, Nathan Lawson wrote:

> the expense of security (setuid root ppp/sliplogin... Why can't these be
> setgid uucp to open the modem device?)

Both programs need to do things such as modify routes and interfaces,
which can not be done except as root. There are a couple of possible
workarounds to avoid making the programs setuid root, but it all comes
down to the fact that, under the current BSD kernel (along with most
other Unix kernels), you need to be root to do some of what ppp and
sliplogin do.

--
Marc Slemko
1:342/1003@fidonet
marcs@alive.ampr.ab.ca
marcs@alive.ersys.edmonton.ab.ca