Date: Tue, 29 Mar 2005 21:57:31 -0600 From: Mike Meyer <mwm@mired.org> To: "H. S." <security@revolutionsp.com> Cc: freebsd-hackers@freebsd.org Subject: Re: A few thoughts.. Message-ID: <16970.9131.32691.306914@guru.mired.org> In-Reply-To: <61910.81.84.174.37.1112123946.squirrel@mail.revolutionsp.com> References: <61910.81.84.174.37.1112123946.squirrel@mail.revolutionsp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In <61910.81.84.174.37.1112123946.squirrel@mail.revolutionsp.com>, H. S. <security@revolutionsp.com> typed: > My "USERNAME" account doesn't have access to /sbin/dmesg, but I uploaded a > /sbin/dmesg from a 5.2.1-RELEASE to a 5.3-STABLE box, and then I could > have access to this system information. The same goes for systat , vmstat, > and all these commands that (most people think) shouldn't be available for > regular users. I wouldn't say "most people think" those things shouldn't be available for regular users, because that's the first time in 25 years of managing Unix systems that I've run into that sentiment. What I'm really curious about is what makes you think FreeBSD itself tries to enforce your opinion. I'm running 5.3-STABLE built from fresh install of 5.3-RELEASE, haven't done anything to any of those binaries, and they are all world/group executable on my system. That means that there's no way to prevent any user from running them. dmesg isn't in the normal $PATH, but that's not an indication that users shouldn't be able to run it, merely that they aren't expected to need it. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16970.9131.32691.306914>