Date: Fri, 22 Jan 1999 23:14:40 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: freebsd-security@FreeBSD.ORG Subject: bin Directory Ownership Message-ID: <199901230414.XAA02392@cc942873-a.ewndsr1.nj.home.com>
next in thread | raw e-mail | index | archive | help
>From a number of sources, I have been told it is not ideal, from a security point of view, to have any root owned executables in a directory owned by another user, even an administrative user. The logic is that even if administrative users have logins disabled, their actions, if they do get a shell or some ability to execute commands, are not as closely watched as root. Since it is gernerally assumed commands owned by root are 'safe,' the fact that these commands could be switched to something else by a non-root user is considered a securiy hole. I have noticed that /usr/bin has the ownership of user 'bin' and group 'bin.' This is in spite of the fact that I count more than 2 dozen commands onwed by root that are installed by the standard FreeBSD installation tools or ports. In addition, /usr/libexec and /usr/sbin (!!!) are owned by bin but contain root owned executables. Am I being over protective? Is there a problem with my installation? Do I need to relax? Thanks for any responses. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901230414.XAA02392>