From: J Wunsch
Message-Id: <199610150713.JAA11699@uriah.heep.sax.de>
Subject: Re: /sbin/init permission
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Date: Tue, 15 Oct 1996 09:13:31 +0200 (MET DST)
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199610150611.QAA29647@godzilla.zeta.org.au> from Bruce Evans at "Oct 15, 96 04:11:53 pm"

As Bruce Evans wrote:

> Complete set of standard executables with annoying permissions in
> -current:
>
> -r-x------ 1 bin bin 20480 Oct 2 04:24 /sbin/init
> -r-sr-x--- 1 root operator 12288 Oct 2 04:26 /sbin/shutdown

This one makes sense: any member of group `operator' is allowed to
shut down the system, but nobody else.

> ---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/sperl4.036
> ---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/suidperl

Old paranoia.  SysV UUCP's used to ship with this set of permissions,
too.  Basically useless if /usr/src is also on the system. :)

> -r-sr-x--- 1 uucp uucp 90112 Oct 2 04:09 /usr/libexec/uucp/uuxqt

Seems to make sense.

> -r-x------ 1 bin bin 12288 Oct 2 04:42 /usr/sbin/watch
>
> The missing permissions for `watch' make it unusable by root if /usr
> is nfs-mounted without maproot=0.

In particular, they suggest that user `bin' were allowed to start
watch.

Oh well, the source of `watch' is a fine mess... not only that it
abuses sgtty instead of termios, it declares main() to return `void'
and such. :-(  Seems it has been written too late at night.

Anyway, the permissions on it are useless, opening the snoop device is
already protected by suser() in the kernel, so this should suffice.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
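
Added example, not part of the original message: a POSIX shell function that produces the kind of listing quoted above, that is, owner-executable files which "other" cannot both read and execute, tagging the ones that also carry a setuid or setgid bit. The function name `list_restricted` and its output format are assumptions of this example.

```shell
#!/bin/sh
# list_restricted DIR...
# Print "<class> <mode> <path>" for every regular file that its owner may
# execute (-perm -100) but that lacks read or execute permission for "other"
# (! -perm -005). This matches modes such as 0500, 4550 and 4111 from the
# quoted listing, and skips ordinary 0555 binaries.
# class is "setid" when a setuid/setgid bit is present, otherwise "plain".
# Assumption: paths contain no whitespace (the path is taken from the last
# field of the ls output).
list_restricted() {
    find "$@" -type f -perm -100 ! -perm -005 -exec ls -ld {} + 2>/dev/null |
    awk '{
        mode = substr($1, 1, 10)          # drop any trailing ACL/label marker
        # setuid shows as s/S in the owner execute slot, setgid in the group one
        setid = (substr(mode, 4, 1) ~ /[sS]/ || substr(mode, 7, 1) ~ /[sS]/)
        print (setid ? "setid" : "plain"), mode, $NF
    }' | sort -k3
}

# Run only when directories are given, e.g.: sh audit.sh /sbin /usr/bin
[ "$#" -gt 0 ] && list_restricted "$@"
```

Entries tagged `setid` are the ones where the mode bits actually gate privilege; for `plain` entries such as the `watch` case, the kernel-side check is what enforces access.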