From owner-freebsd-hackers Sat Jul 19 04:07:48 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id EAA20006 for hackers-outgoing; Sat, 19 Jul 1997 04:07:48 -0700 (PDT) Received: from news1.gtn.com (news1.gtn.com [192.109.159.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA19989 for ; Sat, 19 Jul 1997 04:07:40 -0700 (PDT) Received: (from uucp@localhost) by news1.gtn.com (8.7.2/8.7.2) with UUCP id NAA10871; Sat, 19 Jul 1997 13:00:20 +0200 (MET DST) Received: (from andreas@localhost) by klemm.gtn.com (8.8.6/8.8.6) id MAA04192; Sat, 19 Jul 1997 12:51:19 +0200 (CEST) Message-ID: <19970719125118.60102@gtn.com> Date: Sat, 19 Jul 1997 12:51:18 +0200 From: Andreas Klemm To: sthaug@nethelp.no Cc: andreas@klemm.gtn.com, hackers@FreeBSD.ORG Subject: Re: sendmail complains about being unable to write his pid file References: <19970719120826.19772@gtn.com> <15406.869308066@verdi.nethelp.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.76 In-Reply-To: <15406.869308066@verdi.nethelp.no>; from sthaug@nethelp.no on Sat, Jul 19, 1997 at 12:27:46PM +0200 X-Disclaimer: A free society is one where it is safe to be unpopular X-Operating-System: FreeBSD 3.0-CURRENT SMP Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, Jul 19, 1997 at 12:27:46PM +0200, sthaug@nethelp.no wrote: > > > I'm always nervous about directories owned by bin, on the assumption > > > that bin might be easier to break than root, and could then be used > > > as a stepstone to breaking root. > > > > I don't believe this, because bin isn't a password protected login. > > Look here: > > bin:*:3:7:Binaries Commands and Source,,,:/:/nonexistent > > That's fine - until somebody decides to run NFS. Then all bets are off. Ok, I understand. But this szenario only arise, if a system administrator decides to put a site into a hosts.equiv file. And yes, you are right, then people could start to 'hack' the server by making the clients ,bin' account to a login account, and if /var should be exported, then files or directories could be renamed or such ... It would be safer, to change the owner of system binaries and directories to root, since then you could put hosts more safely into the /etc/hosts.equiv file. You would have to add the -root export option, so that the NFS server's exported directories could be compromised. -- Andreas Klemm | klemm.gtn.com - powered by Symmetric MultiProcessor FreeBSD http://www.freebsd.org/~fsmp/SMP/SMP.html http://www.freebsd.org/~fsmp/SMP/benches.html