Date: Mon, 24 Mar 1997 08:09:50 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-bugs@freebsd.org Subject: Re: sendmail can't create PID file because of owner permission of /var/run Message-ID: <19970324080950.WP16275@uriah.heep.sax.de> In-Reply-To: <199703240519.NAA10729@spinner.DIALix.COM>; from Peter Wemm on Mar 24, 1997 13:19:10 %2B0800 References: <19970324000800.WG00772@uriah.heep.sax.de> <199703240519.NAA10729@spinner.DIALix.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
As Peter Wemm wrote: > I mentioned NFS "for example". Having the entire system writeable by uid > bin means that the system can easily be compromised by the "bin" account, > as well as root. From my subjective observations, 99% of system security > analysis seems to be focused on protecting root - "bin" seems to get > rather little scrutiny. Since bin has no password (and no shell) on 99.9 % of the systems, you must be root before you can become bin anyway. So what? If the intruder is root already, assigning all the system binaries to root wouldn't help. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970324080950.WP16275>