Date: Fri, 30 Jun 1995 11:41:54 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: luigi@labinfo.iet.unipi.it (Luigi Rizzo) Cc: hackers@freebsd.org Subject: Re: Access rights on /sbin/init and other files Message-ID: <199506301841.LAA13508@gndrsh.aac.dev.com> In-Reply-To: <199506301600.SAA03660@labinfo.iet.unipi.it> from "Luigi Rizzo" at Jun 30, 95 06:00:32 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > What is the point of having the following access rights ? > > -r-x------ 1 bin bin 151552 Jun 10 12:04 /sbin/init > -r-x------ 1 bin bin 12288 Jun 10 12:04 /usr/sbin/watch > > To me it makes no sense to deny read/execute permission to standard > executables. These are not standard executables, and infact /sbin/init should probably not even be executable (but that would require a minor change to the kernel.) > They don't contain critical data, are not SUID/SGID, > and any user can get a copy of them anyways, from the distribution. You are free to change them on your system, but this was the decission that has been made on what mode's these files shall have. It is best for the standard distribution to error on the side of conservative security measures than to error the other way. These are security related binaries. > Can we change the modes to 555 in future snapshots/distributions ? No. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506301841.LAA13508>