Date: Sat, 23 Jan 1999 21:18:23 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: The Unicorn <unicorn@unicorn.xs4all.nl>
Cc: cjclark@home.com, freebsd-security@FreeBSD.ORG
Subject: Re: bin Directory Ownership
Message-ID: <Pine.BSF.3.96.990123211710.3494A-100000@fledge.watson.org>
In-Reply-To: <19990123132613.A21293@unicorn.quux.org>

On Sat, 23 Jan 1999, The Unicorn wrote:

> On Sat, Jan 23, 1999 at 06:01:40AM -0500, Robert Watson wrote:
> >
> > You are correct--there is no security improvement through the use of the
> > bin user. However, it is also the case that (aside from false assumptions
> > about some improvement) security is probably not damaged by having a bin
> > user. I am in the process of some research analyzing the impact of file
> > and directory ownership affecting the UNIX trust model (especially w.r.t.
> > setuid and setgid binaries). I will post the results when I finish up
> > (probably in a month or so). Access to the bin account is very limited;
> > effectively, to acquire a uid bin process capable of modifying the
> > binaries, you would first have to have a uid root process that you had
> > subverted.
>
> This is not always the case. Have a look at the old but still valid
> paper from Wietse and Dan: "admin-guide-to-cracking-101" also known as
> "Improving the Security of Your Site by Breaking Into it". Especially
> the part on the use of rsh and the wildcard in the /etc/hosts.equiv file
> (yeah, I know that allowing the r-commands is a BIG NO-NO ;-).

At least on my system, none of these accounts have valid shells, so r*
should block login (/nonexistent).

  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
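
An audit of the two conditions discussed in this message, as an added example that is not part of the original e-mail: it lists system accounts whose shell is usable and flags `+` wildcard entries in hosts.equiv. Assumptions of the example: "valid shell" means "listed in the shells file", system accounts are uids 1 to 99, and the sample files in `demo` are constructed.

```shell
#!/bin/sh
# Added example, not from the original message.

# Print "user:shell" for non-root accounts with uid < max (default 100, an
# assumed cutoff) whose login shell is listed in the shells file.
# usage: system_accounts_with_valid_shell PASSWD_FILE SHELLS_FILE [MAX_UID]
system_accounts_with_valid_shell() {
    awk -F: -v max="${3:-100}" '
        FILENAME == ARGV[1] {                  # first operand: shells list
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") valid[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }                # comments, malformed lines
        {
            shell = ($7 == "" ? "/bin/sh" : $7)    # empty field means /bin/sh
            if ($3 > 0 && $3 < max && (shell in valid)) print $1 ":" shell
        }
    ' "$2" "$1"
}

# Print "lineno: entry" for hosts.equiv lines whose host field is a bare "+"
# (trust every host). Netgroup entries such as "+@group" are not flagged.
hosts_equiv_wildcards() {
    [ -r "$1" ] || return 0                    # no file: nothing to report
    awk '{ sub(/#.*/, ""); sub(/[ \t]+$/, "") }
         $1 == "+" { print NR ": " $0 }' "$1"
}

# Demonstration on constructed sample files (not real system data).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# valid shells' '/bin/sh' '/bin/csh' > "$d/shells"
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'daemon:*:1:1:System processes:/root:/nonexistent' \
        'bin:*:3:7:Binaries Commands and Source:/:/bin/sh' \
        'svcacct:*:66:66:Constructed service account:/var/empty:' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/csh' > "$d/passwd"
    printf '%s\n' 'trusted.example.org' '+   # trust everyone' \
        '+@admins' > "$d/hosts.equiv"
    system_accounts_with_valid_shell "$d/passwd" "$d/shells"
    hosts_equiv_wildcards "$d/hosts.equiv"
    rm -rf "$d"
}

demo
```

On a live system the same functions take `/etc/passwd`, `/etc/shells` and `/etc/hosts.equiv` as arguments; any output is a finding to review.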