From: Warner Losh
To: Matthew Dillon
Cc: Andre Albsmeier, freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
Date: Mon, 16 Nov 1998 11:35:30 -0700 (MST)
Message-Id: <199811161835.LAA04984@harmony.village.org>
In-reply-to: Your message of "Mon, 16 Nov 1998 02:55:14 PST." <199811161055.CAA18393@apollo.backplane.com>

In message <199811161055.CAA18393@apollo.backplane.com> Matthew Dillon writes:
: There are only a limited number of programs that run as root or are
: suid root.  Being able to plug even half a dozen of them by removing
: their root privileges would be a major win.

Yes.  However, this would close only one or two.  Those being those
programs that do authorization based on user name, but do NOT change
the uid of the user.

: I can find no good reason why, for example, ntalkd must be run as root.
: It does a stupid getuid() test in main() that should be ripped out...
: it really only needs tty group access to work.

I'd agree with that.

: identd sure doesn't need root.  kmem group access is plenty sufficient.

That is correct as well.

: Both of these are turned on by default in inetd.conf, neither of these
: requires root.  All it would take to fix them would be to add two dummy
: users to master.passwd 'tty' and 'kmem' (with bin group privs), to fix
: talkd.c to remove the silly getuid() test, and to fix inetd.conf (run
: ntalkd as tty:tty and identd as kmem:kmem).  yikes!!!

I think that might be worth considering.

: I wonder how many other programs can be trivially fixed like that.
: Certainly sendmail does not need to be run as root, yet it is in
: /usr/src/etc/rc.  lpd ?  Why in god's name does lpd need to be run
: as root?

sendmail needs to run as root to deliver mail and to bind to port 25.
There may be some ways around this, but to date I've seen none that
don't open huge holes elsewhere.

lpd needs to run as root to access the files that it is printing, and
to bind to its listening port.  I'm not sure of a good way around
that...

Warner