Date:      Mon, 16 Nov 1998 11:35:30 -0700
From:      Warner Losh <imp@village.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? 
Message-ID:  <199811161835.LAA04984@harmony.village.org>
In-Reply-To: Your message of "Mon, 16 Nov 1998 02:55:14 PST." <199811161055.CAA18393@apollo.backplane.com> 
References:  <199811161055.CAA18393@apollo.backplane.com>  <19981116072937.E969@internal> <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com> <19981115192224.A29686@internal> <199811152210.PAA01604@harmony.village.org> <199811160658.XAA01912@harmony.village.org> 

In message <199811161055.CAA18393@apollo.backplane.com> Matthew Dillon writes:
:     There are only a limited number of programs that run as root or are
:     suid root.  Being able to plug even half a dozen of them by removing
:     their root privileges would be a major win. 

Yes.  However, this would close only one or two.  Those being those
programs that do authorization based on user name, but do NOT change
the uid of the user.

:     I can find no good reason why, for example, ntalkd must be run as root.
:     It does a stupid getuid() test in main() that should be ripped out...
:     it really only needs tty group access to work.

I'd agree with that.

:     identd sure doesn't need root.  kmem group access is plenty sufficient.

That is correct as well.

:     Both of these are turned on by default in inetd.conf, neither of these
:     requires root.  All it would take to fix them would be to add two dummy
:     users to master.passwd 'tty' and 'kmem' (with bin group privs), to fix
:     talkd.c to remove the silly getuid() test, and to fix inetd.conf (run 
:     ntalkd as tty:tty and identd as kmem:kmem).

yikes!!!  I think that might be worth considering.

:     I wonder how many other programs can be trivially fixed like that.
:     Certainly sendmail does not need to be run as root, yet it is in
:     /usr/src/etc/rc.  lpd?  Why in god's name does lpd need to be run 
:     as root?

sendmail needs to run as root to deliver mail and to bind to port 25.
There may be some ways around this, but to date I've seen none that
don't open huge holes elsewhere.  lpd needs to run as root to access
the files that it is printing, and to bind to its listening port.  I'm
not sure of a good way around that...

Warner
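
Added example, not part of either poster's message: a small audit that lists which enabled inetd.conf entries still start an external program as root, run over a sample before and after the tty:tty / kmem:kmem change discussed above. The sample lines, the identd path and the "exsvc" service are constructed for illustration; the field layout follows inetd.conf(5). As the quoted message notes, ntalkd also needs its getuid() test removed before the non-root entry will work.

```shell
#!/bin/sh
# Fields: service socktype proto wait/nowait user[:group][/class] program args...

# root_services: read inetd.conf text on stdin and print "service program"
# for every enabled, non-internal entry whose user field resolves to root.
root_services() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }     # comments, blank and short lines
        $6 == "internal"     { next }     # served inside inetd, no program to re-home
        {
            user = $5
            sub("[:/].*", "", user)       # strip :group and /login-class
            if (user == "root") print $1, $6
        }
    '
}

# Constructed sample: entries as they might look before the change.
SAMPLE_BEFORE='# constructed sample, not from a real host
ntalk   dgram   udp  wait    root        /usr/libexec/ntalkd        ntalkd
auth    stream  tcp  nowait  root        /usr/local/sbin/identd     identd
exsvc   stream  tcp  nowait  root:wheel  /usr/local/libexec/exsvcd  exsvcd
daytime stream  tcp  nowait  root        internal
#ftp    stream  tcp  nowait  root        /usr/libexec/ftpd          ftpd -l'

# Constructed sample: the same services with the users proposed in the thread
# (exsvc moved to a hypothetical unprivileged account).
SAMPLE_AFTER='ntalk   dgram   udp  wait    tty:tty     /usr/libexec/ntalkd        ntalkd
auth    stream  tcp  nowait  kmem:kmem   /usr/local/sbin/identd     identd
exsvc   stream  tcp  nowait  nobody      /usr/local/libexec/exsvcd  exsvcd
daytime stream  tcp  nowait  root        internal'

echo "root-run services before:"
printf '%s\n' "$SAMPLE_BEFORE" | root_services
echo "root-run services after:"
printf '%s\n' "$SAMPLE_AFTER" | root_services
```

On a real host, feed it the live file: root_services < /etc/inetd.conf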

