From: Luigi Rizzo
Message-Id: <199610150839.JAA00416@labinfo.iet.unipi.it>
Subject: Re: /sbin/init permission
To: bde@zeta.org.au (Bruce Evans)
Date: Tue, 15 Oct 1996 09:39:22 +0100 (MET)
Cc: freebsd-hackers@FreeBSD.ORG, j@uriah.heep.sax.de
In-Reply-To: <199610150611.QAA29647@godzilla.zeta.org.au> from "Bruce Evans" at Oct 15, 96 04:11:34 pm

> >> And, back to the original question: any objection in changing
> >> /sbin/init permissions to 0555 ?
> >
> >I hesitate to decide this without any further opinions...
>
> Complete set of standard executables with annoying permissions in
> -current:
>
> -r-x------  1 bin   bin        20480 Oct  2 04:24 /sbin/init
> -r-sr-x---  1 root  operator   12288 Oct  2 04:26 /sbin/shutdown
> ---s--x--x  2 root  bin       286720 Oct  2 04:19 /usr/bin/sperl4.036
> ---s--x--x  2 root  bin       286720 Oct  2 04:19 /usr/bin/suidperl
> -r-sr-x---  1 uucp  uucp       90112 Oct  2 04:09 /usr/libexec/uucp/uuxqt
> -r-x------  1 bin   bin        12288 Oct  2 04:42 /usr/sbin/watch
>
> The missing permissions for `watch' make it unusable by root if /usr
> is nfs-mounted without maproot=0.

For suid applications there is a reason for being restrictive.
For others, there is not (or at least, this is site-dependent).

	Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522              http://www.iet.unipi.it/~luigi/
====================================================================
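
Added example, not part of the original message or of FreeBSD: a short Python audit that parses the `ls -l` listing quoted above and separates set-id binaries, whose restrictive modes are deliberate, from binaries with no privilege bit that are candidates for 0555. The function names and category strings are this example's own.

```python
import stat

# Listing quoted in the message above (FreeBSD -current, October 1996).
LISTING = """\
-r-x------ 1 bin bin 20480 Oct 2 04:24 /sbin/init
-r-sr-x--- 1 root operator 12288 Oct 2 04:26 /sbin/shutdown
---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/sperl4.036
---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/suidperl
-r-sr-x--- 1 uucp uucp 90112 Oct 2 04:09 /usr/libexec/uucp/uuxqt
-r-x------ 1 bin bin 12288 Oct 2 04:42 /usr/sbin/watch
"""

# Bit for each of the nine permission columns, left to right.
PERM_BITS = [0o400, 0o200, 0o100, 0o040, 0o020, 0o010, 0o004, 0o002, 0o001]
# Columns where ls overlays a special bit on the execute position.
SPECIAL = {2: ("sS", stat.S_ISUID), 5: ("sS", stat.S_ISGID), 8: ("tT", stat.S_ISVTX)}

def parse_mode(sym):
    """Convert an ls-style string such as '-r-sr-x---' into numeric mode bits."""
    if len(sym) != 10:
        raise ValueError(f"unexpected mode string: {sym!r}")
    mode = 0
    for i, ch in enumerate(sym[1:]):
        if ch == "rwx"[i % 3]:
            mode |= PERM_BITS[i]
        elif i in SPECIAL and ch in SPECIAL[i][0]:
            # Lowercase s/t means the execute bit is set as well.
            mode |= SPECIAL[i][1] | (PERM_BITS[i] if ch.islower() else 0)
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} in {sym!r}")
    return mode

def audit(listing):
    """Map each path to (mode, category) using the rule stated in the reply."""
    result = {}
    for line in filter(str.strip, listing.splitlines()):
        fields = line.split()
        mode = parse_mode(fields[0])
        if mode & (stat.S_ISUID | stat.S_ISGID):
            category = "set-id: restrictive on purpose"
        elif (mode & 0o555) != 0o555:
            category = "no set-id bit: candidate for 0555"
        else:
            category = "ok"
        result[fields[-1]] = (mode, category)
    return result

if __name__ == "__main__":
    for path, (mode, category) in audit(LISTING).items():
        print(f"{mode:04o}  {path:26}  {category}")
```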