From owner-freebsd-security Sun Mar 14 2:49:48 1999
Delivered-To: freebsd-security@freebsd.org
Received: from aniwa.sky (p25-max12.wlg.ihug.co.nz [216.100.145.25])
    by hub.freebsd.org (Postfix) with ESMTP id C37B014F3B
    for ; Sun, 14 Mar 1999 02:48:56 -0800 (PST)
    (envelope-from andrew@squiz.co.nz)
Received: from aniwa.sky (localhost [127.0.0.1])
    by aniwa.sky (8.9.1a/8.9.1) with ESMTP id XAA06895;
    Sun, 14 Mar 1999 23:48:18 +1300 (NZDT)
Message-Id: <199903141048.XAA06895@aniwa.sky>
X-Mailer: exmh version 2.0.2 2/24/98
To: Peter Jeremy
Cc: robert+freebsd@cyrus.watson.org, freebsd-security@FreeBSD.ORG
Subject: Re: ACL's
In-reply-to: Your message of "Sun, 14 Mar 1999 20:07:28 +1000." <99Mar14.195521est.40346@border.alcanet.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 14 Mar 1999 23:48:17 +1300
From: Andrew McNaughton
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Peter Jeremy wrote:
> Robert Watson wrote:
> >I.e., user creates a hard link to /usr/sbin/somesetuidbin to
> >/usr/tmp/mytemp.
>
> Normal users shouldn't have write permission anywhere on a partition
> containing system binaries - this also removes the problem. (Note
> that /usr/tmp is accessible only by root under FreeBSD).

There's some sense in that. It's worthy of note then that this is not how a
FreeBSD default install is set up. Perhaps it should be?

Andrew McNaughton

--
-----------
Andrew McNaughton
andrew@squiz.co.nz
http://www.newsroom.co.nz/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
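
An added example, not part of the original message or of FreeBSD: a Python audit for the layout this thread discusses, reporting each filesystem that holds both set-id files and a directory other users can write to, plus any set-id inode that already has more than one name. The function names and the sample records, which mirror the paths in the quoted scenario, are constructed for illustration.

```python
import os
import stat
from collections import defaultdict
from types import SimpleNamespace as St

def scan(root):
    """Yield (path, lstat result) for everything under root; symlinks are not followed."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry

def audit(entries):
    """Return {st_dev: findings} for filesystems holding both a set-id file
    and a directory writable by others, i.e. where a user could place a link."""
    by_dev = defaultdict(lambda: {"setid": [], "multilink": [], "writable_dirs": []})
    for path, st in entries:
        found = by_dev[st.st_dev]
        if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            found["setid"].append(path)
            if st.st_nlink > 1:  # inode has more than one name
                found["multilink"].append(path)
        elif stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IWOTH:
            # The sticky bit limits rename/delete, not creating new links here.
            found["writable_dirs"].append(path)
    return {d: f for d, f in by_dev.items() if f["setid"] and f["writable_dirs"]}

# Constructed sample (not real scan output): device 1 mixes a set-uid binary
# with a world-writable directory; device 2 has a writable dir but no set-id files.
REG, DIR = stat.S_IFREG, stat.S_IFDIR
SAMPLE = [
    ("/usr/sbin/somesetuidbin", St(st_mode=REG | 0o4555, st_dev=1, st_nlink=2)),
    ("/usr/tmp/mytemp", St(st_mode=REG | 0o4555, st_dev=1, st_nlink=2)),
    ("/usr/tmp", St(st_mode=DIR | 0o1777, st_dev=1, st_nlink=2)),
    ("/usr/bin/ls", St(st_mode=REG | 0o0555, st_dev=1, st_nlink=1)),
    ("/var/tmp", St(st_mode=DIR | 0o1777, st_dev=2, st_nlink=2)),
]

if __name__ == "__main__":
    import sys
    entries = scan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for dev, f in audit(entries).items():
        print(f"dev {dev}: {len(f['setid'])} set-id files, writable dirs {f['writable_dirs']}")
        for path in f["multilink"]:
            print(f"  set-id inode with extra hard link: {path}")
```

Run it with a directory argument to scan a real tree; without one it reports on the constructed sample.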