From owner-freebsd-hackers Fri Jun 30 11:43:03 1995 Return-Path: hackers-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA12388 for hackers-outgoing; Fri, 30 Jun 1995 11:43:03 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA12373 for ; Fri, 30 Jun 1995 11:42:58 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id LAA13508; Fri, 30 Jun 1995 11:41:54 -0700 From: "Rodney W. Grimes" Message-Id: <199506301841.LAA13508@gndrsh.aac.dev.com> Subject: Re: Access rights on /sbin/init and other files To: luigi@labinfo.iet.unipi.it (Luigi Rizzo) Date: Fri, 30 Jun 1995 11:41:54 -0700 (PDT) Cc: hackers@freebsd.org In-Reply-To: <199506301600.SAA03660@labinfo.iet.unipi.it> from "Luigi Rizzo" at Jun 30, 95 06:00:32 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1090 Sender: hackers-owner@freebsd.org Precedence: bulk > > What is the point of having the following access rights ? > > -r-x------ 1 bin bin 151552 Jun 10 12:04 /sbin/init > -r-x------ 1 bin bin 12288 Jun 10 12:04 /usr/sbin/watch > > To me it makes no sense to deny read/execute permission to standard > executables. These are not standard executables, and infact /sbin/init should probably not even be executable (but that would require a minor change to the kernel.) > They don't contain critical data, are not SUID/SGID, > and any user can get a copy of them anyways, from the distribution. You are free to change them on your system, but this was the decission that has been made on what mode's these files shall have. It is best for the standard distribution to error on the side of conservative security measures than to error the other way. These are security related binaries. > Can we change the modes to 555 in future snapshots/distributions ? No. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD