From: Fahad
Date: Fri, 22 Jun 2012 10:24:55 -0700
To: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

As Mark put it, if everything is owned by bin you would need to be root to do anything. Where is the benefit in this? You mentioned stupid junior admins; well, in that case have a better hiring process, no need to obfuscate the current setup.

On 06/22/2012 09:36 AM, Mark Felder wrote:
> On Fri, 22 Jun 2012 10:59:28 -0500, Jason Hellenthal wrote:
>
>> Security principles are well laid out and have not changed in a long
>> time. Veering away from those principles will cause a LOT of
>> administrative overhead as most software out there can expect a sane
>> environment if / is root:wheel
>
> Well he claims that bin owned everything back in the day and I didn't
> touch a *nix system until long after the time he describes. I can't
> imagine the benefit or functionality of a system with bin owning
> everything.... if everything precious is owned by bin, and bin isn't a
> standard system user, someone would have to elevate to root to do
> anything nasty. In the current setup you'd have to elevate to root to
> do something nasty.
>
> I see no benefit in binaries or libraries being owned by bin.