From owner-cvs-etc Mon Aug 26 09:47:02 1996
Return-Path: owner-cvs-etc
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA24030 for cvs-etc-outgoing; Mon, 26 Aug 1996 09:47:02 -0700 (PDT)
Received: from mail.barrnet.net (mail.barrnet.net [131.119.246.7]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA23828; Mon, 26 Aug 1996 09:42:48 -0700 (PDT)
Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.241]) by mail.barrnet.net (8.7.5/MAIL-RELAY-LEN) with SMTP id JAA14659; Mon, 26 Aug 1996 09:42:28 -0700 (PDT)
Received: (from rgrimes@localhost) by GndRsh.aac.dev.com (8.6.12/8.6.12) id JAA18817; Mon, 26 Aug 1996 09:39:44 -0700
From: "Rodney W. Grimes"
Message-Id: <199608261639.JAA18817@GndRsh.aac.dev.com>
Subject: Re: cvs commit: src/etc/mtree BSD.var.dist src/usr.sbin/rwhod rwhod.c
To: pst@shockwave.com (Paul Traina)
Date: Mon, 26 Aug 1996 09:39:44 -0700 (PDT)
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-etc@freefall.freebsd.org, cvs-usrsbin@freefall.freebsd.org
In-Reply-To: <199608261538.IAA12326@precipice.shockwave.com> from Paul Traina at "Aug 26, 96 08:38:44 am"
X-Mailer: ELM [version 2.4ME+ PL11 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-etc@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Introduce NFS and you eliminate security anyway.
                        ^^^^^^^^^ pretty strong word, you may decrease it,
but you don't eliminate it. I'm not so worried about hackers as I am about
stupid things done by clients (people) on NFS clients (machines) that
otherwise have reasonably restricted access to the server.

> It's actually 775 daemon.daemon I believe.

That I can live with.

> If you have a better suggestion, I'm all ears. It's currently a compromise.

Run as sgid daemon perhaps? And make the /var/rwho directory mode 575.

> From: "Rodney W. Grimes"
> Subject: Re: cvs commit: src/etc/mtree BSD.var.dist src/usr.sbin/rwhod rwhod
> >>.c
> > pst 96/08/25 14:37:12
> >
> > Modified: etc/mtree BSD.var.dist
> >           usr.sbin/rwhod rwhod.c
> > Log:
> > Fix buffer overrun, and run as nobody
>
> Hummm... I take it that you set /var/rwho nobody:whoever mode 755, which
> now means /var/rwho is open for writing into if /var is NFS exported...
> and all the datafiles will be smashable by other NFS hosts :-(.
>
>
> --
> Rod Grimes                                 rgrimes@gndrsh.aac.dev.com
> Accurate Automation Company            Reliable computers for FreeBSD
>

--
Rod Grimes                                 rgrimes@gndrsh.aac.dev.com
Accurate Automation Company            Reliable computers for FreeBSD