Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 Jan 1996 02:32:42 -0800
From:      David Greenman <davidg@Root.COM>
To:        Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Cc:        imp@village.org (Warner Losh), hackers@FreeBSD.org, dworkin@rover.village.org
Subject:   Re: Security (was: Re: Two commands: icat and ils) 
Message-ID:  <199601221032.CAA14292@Root.COM>
In-Reply-To: Your message of "Mon, 22 Jan 1996 11:03:44 %2B0100." <199601221003.LAA04703@labinfo.iet.unipi.it> 

next in thread | previous in thread | raw e-mail | index | archive | help
>Why ? Security must be enforced with proper protections, not by
>simply trying to hide information which *is* available. One thing
>I never liked in FreeBSD:
>
>    www# ls -l /sbin/init /sbin/shutdown
>    -r-x------  1 bin   bin       143360 Nov 16 10:49 /sbin/init
>    -r-sr-x---  1 root  operator  135168 Nov 16 10:49 /sbin/shutdown
>
>as if denying *read* access to these publicly available files would
>prevent anyone from rebuilding them from the sources or getting a
>copy from the binary distribution or from the CDROM.

   That's not the reason they have read permissions removed. It's common for
people to have /sbin in their path - to pick up useful utilities which
probably shouldn't be in /sbin anyway (like ifconfig and ping, for example),
and executing /sbin/init by accident is not a good thing.

-DG

David Greenman
Core Team/Principal Architect, The FreeBSD Project



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601221032.CAA14292>