From owner-freebsd-hackers Wed May 21 21:31:47 1997
Message-ID: <19970522000753.45138@keltia.freenix.fr>
Date: Thu, 22 May 1997 00:07:53 +0200
From: Ollivier Robert
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: drwxr-xr-x 2 bin bin /usr/sbin
References: <199705191535.TAA23174@ns.cs.msu.su> <199705200511.PAA16611@ogre.dtir.qld.gov.au>
In-Reply-To: <199705200511.PAA16611@ogre.dtir.qld.gov.au>; from Stephen McKay on Tue, May 20, 1997 at 03:11:27PM +1000
X-Mailer: Mutt 0.67
X-Operating-System: FreeBSD 3.0-CURRENT ctm#3283

According to Stephen McKay:
> Of course, you are correct. Having /bin (and/or its contents) owned by
> bin rather than root just adds another method for attacking your system.
> Everything should be owned by root unless there is a good reason for it
> to be owned by some other uid.

Hear! Hear!

I've been trying to change it on FreeBSD for years. We even discussed this again a few days ago between committers... (just ignore the /var/mail bit, it is another issue).

------------------------------------------------------------
Date: Mon, 5 May 1997 23:07:29 +0200
From: Ollivier Robert
To: CVS-committers@FreeBSD.ORG
Subject: Re: cvs commit: src/etc group
X-Mailer: Mutt 0.67

According to J Wunsch:
> And you already knew it doesn't work. :-) Think of setuid-non-root
> binaries (the uucp subsystem and the man command).

I don't see the problem. My point is that every non-setuid/gid binary and every directory/file should belong to root unless there is an express need for it to belong to someone else.

UUCP and man are very good examples where non-root ownership is good. Having /lkm, /sbin belong to non-root is BAD.

As for /var/mail, I don't see the need to change to 775 bin.mail. 755 root.whatever has been working for _ages_. I'd rather see mail.local/procmail as setuid root to deliver than Elm and Mutt setgid mail.

The bin user is a rather bad idea in my book. It gains nothing and lessens security.
------------------------------------------------------------

-- 
Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #9: Thu May 8 20:22:51 CEST 1997
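
The ownership rule argued in this message, as an added audit sketch that is not part of the original post or of FreeBSD's own tooling: it walks the directories named in the thread and separates non-root-owned entries with no setuid/setgid bit from setuid/setgid files that need a manual decision. The names `audit_ownership`, `SYSTEM_DIRS` and `trusted_uids` are assumptions made for this example.

```python
import os
import stat

# Directories named in the thread; adjust for the system being audited.
SYSTEM_DIRS = ["/bin", "/sbin", "/usr/sbin", "/lkm"]


def audit_ownership(roots, trusted_uids=frozenset({0})):
    """Classify every entry under roots whose owner is not a trusted uid.

    Returns (violations, review):
      violations - entries with no setuid/setgid reason for a non-root owner
      review     - setuid/setgid regular files owned by another uid (the
                   uucp/man case), to be confirmed by hand
    Each item is (path, owner_uid, mode_string).
    """
    violations, review = [], []

    def check(path):
        try:
            st = os.lstat(path)  # judge a symlink itself, never its target
        except OSError:
            return  # vanished or unreadable: nothing to classify
        if st.st_uid in trusted_uids:
            return
        item = (path, st.st_uid, stat.filemode(st.st_mode))
        has_sid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
        if stat.S_ISREG(st.st_mode) and has_sid:
            review.append(item)
        else:
            violations.append(item)

    for root in roots:
        check(root)  # the directory's own owner matters as much as its contents
        for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
            for name in dirnames + filenames:
                check(os.path.join(dirpath, name))
    return violations, review


if __name__ == "__main__":
    bad, review = audit_ownership(SYSTEM_DIRS)
    for path, uid, mode in bad:
        print(f"FIX     {mode} uid={uid} {path}")
    for path, uid, mode in review:
        print(f"REVIEW  {mode} uid={uid} {path}")
```

Directories are always reported as violations, even with the setgid bit set, because the owner of a directory can replace anything inside it regardless of the modes on the files.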