From owner-freebsd-hackers  Fri Jun 30 11:43:03 1995
Return-Path: hackers-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id LAA12388
          for hackers-outgoing; Fri, 30 Jun 1995 11:43:03 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA12373
          for <hackers@freebsd.org>; Fri, 30 Jun 1995 11:42:58 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA13508; Fri, 30 Jun 1995 11:41:54 -0700
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Message-Id: <199506301841.LAA13508@gndrsh.aac.dev.com>
Subject: Re: Access rights on /sbin/init and other files
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Date: Fri, 30 Jun 1995 11:41:54 -0700 (PDT)
Cc: hackers@freebsd.org
In-Reply-To: <199506301600.SAA03660@labinfo.iet.unipi.it> from "Luigi Rizzo" at Jun 30, 95 06:00:32 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1090      
Sender: hackers-owner@freebsd.org
Precedence: bulk

> 
> What is the point of having the following access rights ?
> 
> -r-x------   1 bin   bin       151552 Jun 10 12:04 /sbin/init
> -r-x------   1 bin   bin        12288 Jun 10 12:04 /usr/sbin/watch
> 
> To me it makes no sense to deny read/execute permission to standard
> executables.
These are not standard executables, and infact /sbin/init should probably
not even be executable (but that would require a minor change to the
kernel.)

> They don't contain critical data, are not SUID/SGID,
> and any user can get a copy of them anyways, from the distribution.

You are free to change them on your system, but this was the decission
that has been made on what mode's these files shall have.  It is best
for the standard distribution to error on the side of conservative
security measures than to error the other way.  These are security
related binaries.

> Can we change the modes to 555 in future snapshots/distributions ?

No.


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD