Date:      Thu, 22 May 1997 00:07:53 +0200
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: drwxr-xr-x 2 bin bin /usr/sbin
Message-ID:  <19970522000753.45138@keltia.freenix.fr>
In-Reply-To: <199705200511.PAA16611@ogre.dtir.qld.gov.au>; from Stephen McKay on Tue, May 20, 1997 at 03:11:27PM +1000
References:  <199705191535.TAA23174@ns.cs.msu.su> <199705200511.PAA16611@ogre.dtir.qld.gov.au>

According to Stephen McKay:
> Of course, you are correct.  Having /bin (and/or its contents) owned by
> bin rather than root just adds another method for attacking your system.
> Everything should be owned by root unless there is a good reason for it
> to be owned by some other uid.

Hear ! Hear !

I've been trying to change it on FreeBSD for years.

We even discussed this again a few days ago between committers... (just
ignore the /var/mail bit, it is another issue).

------------------------------------------------------------
Date: Mon, 5 May 1997 23:07:29 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>                
To: CVS-committers@FreeBSD.ORG   
Subject: Re: cvs commit: src/etc group                                     
X-Mailer: Mutt 0.67
 
According to J Wunsch:
> And you already knew it doesn't work. :-)  Think of setuid-non-root    
> binaries (the uucp subsystem and the man command).                    
 
I don't see the problem.
 
My point is that every non setuid/gid binary and every directory/file
should belong to root unless there is an express need for it to belong to
someone else.
 
UUCP and man are very good examples where non-root ownership is good.
 
Having /lkm, /sbin belong to non-root is BAD.
 
As for /var/mail, I don't see the need to change to 775 bin.mail.
755 root.whatever has been working for _ages_.
 
I'd rather see mail.local/procmail as setuid root to deliver than Elm and
Mutt setgid mail.
 
The bin user is a rather bad idea in my book. It gains nothing and lessens
security.
------------------------------------------------------------
-- 
Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #9: Thu May  8 20:22:51 CEST 1997
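
The ownership rule argued for in this message can be checked mechanically. The following audit is an added example, not part of the original e-mail or of FreeBSD; the function names, the `trusted_uid` parameter and the default directory list are assumptions made for illustration.

```python
import os
import stat
import sys

# Directories named in the thread; /lkm only exists on old FreeBSD releases.
DEFAULT_ROOTS = ["/bin", "/sbin", "/usr/sbin", "/lkm"]

def classify(uid, mode, trusted_uid=0):
    """Apply the rule from the message to one (owner uid, st_mode) pair."""
    if uid == trusted_uid:
        return "ok"
    # A set-id regular file runs as its owner or group, so a non-root owner
    # can be deliberate (the thread's examples: the uucp subsystem and man).
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        return "setid-exception"
    return "violation"

def audit(roots, trusted_uid=0):
    """Walk roots; return (violations, exceptions) as (path, uid, mode) lists."""
    violations, exceptions = [], []
    pending = [os.path.realpath(r) for r in roots]
    while pending:
        path = pending.pop()
        try:
            st = os.lstat(path)
        except OSError:
            continue  # missing or unreadable entry
        if stat.S_ISLNK(st.st_mode):
            continue  # a link's owner does not control its target
        verdict = classify(st.st_uid, st.st_mode, trusted_uid)
        record = (path, st.st_uid, stat.filemode(st.st_mode))
        if verdict == "violation":
            violations.append(record)
        elif verdict == "setid-exception":
            exceptions.append(record)
        if stat.S_ISDIR(st.st_mode):
            try:
                pending.extend(os.path.join(path, n) for n in os.listdir(path))
            except OSError:
                pass
    return sorted(violations), sorted(exceptions)

if __name__ == "__main__":
    bad, allowed = audit(sys.argv[1:] or DEFAULT_ROOTS)
    for label, rows in (("VIOLATION", bad), ("SETID-NON-ROOT", allowed)):
        for path, uid, mode in rows:
            print(f"{label} {mode} uid={uid} {path}")
    sys.exit(1 if bad else 0)
```

Entries listed as SETID-NON-ROOT are the ones that need an explicit justification; everything listed as VIOLATION is a file or directory that a compromise of the owning account could replace.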


