From owner-freebsd-hackers Sat Jul 19 05:42:15 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id FAA24073 for hackers-outgoing; Sat, 19 Jul 1997 05:42:15 -0700 (PDT) Received: from helbig.informatik.ba-stuttgart.de (rvc1.informatik.ba-stuttgart.de [141.31.112.22]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA24062 for ; Sat, 19 Jul 1997 05:42:11 -0700 (PDT) Received: (from helbig@localhost) by helbig.informatik.ba-stuttgart.de (8.8.6/8.8.5) id OAA28753; Sat, 19 Jul 1997 14:41:49 +0200 (MET DST) From: Wolfgang Helbig Message-Id: <199707191241.OAA28753@helbig.informatik.ba-stuttgart.de> Subject: Re: sendmail complains about being unable to write his pid file In-Reply-To: <15406.869308066@verdi.nethelp.no> from "sthaug@nethelp.no" at "Jul 19, 97 12:27:46 pm" To: sthaug@nethelp.no Date: Sat, 19 Jul 1997 14:41:47 +0200 (MET DST) Cc: andreas@klemm.gtn.com, hackers@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL30 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > I'm always nervous about directories owned by bin, on the assumption > > > that bin might be easier to break than root, and could then be used > > > as a stepstone to breaking root. > > > > I don't believe this, because bin isn't a password protected login. > > Look here: > > bin:*:3:7:Binaries Commands and Source,,,:/:/nonexistent > > That's fine - until somebody decides to run NFS. Then all bets are off. > > > I think it's a BSDism. bin is the UID and GID for Binaries, Commands > > and source as shown by the entry in /etc/passwd ... > > Yes, but the question stands - why is it setup this way? What is gained > by having binaries (and important directories) owned by bin instead of > root? More security? setuid / setgid will give you the powers of bin only, not of root. Wolfgang