Date: Sun, 24 Jan 1999 17:09:57 -0700 From: Warner Losh <imp@village.org> To: Coranth Gryphon <gryphon@healer.com> Cc: cjclark@home.com, freebsd-security@FreeBSD.ORG Subject: Re: bin Directory Ownership Message-ID: <199901250009.RAA06600@harmony.village.org> In-Reply-To: Your message of "Sat, 23 Jan 1999 11:49:40 PST." <36AA27D4.C65CE38@healer.com> References: <36AA27D4.C65CE38@healer.com> <199901230414.XAA02392@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
bin owned files can be more insecure than root owned files. How you ask? nfs is one way. When you have bin owned files, they can be changed remotely by the user bin. However, unless you specifically enable trusting remote root, root owned files cannot be changed like that. Diskless machines would create a possible vulnerability here if one of them was compromised. It has been argued that root owned files are vulnerable when someone breaks root. This is true. However, bin owned files are also vulnerable to change when root is broken. When bin is broken, bin owned files are also vulnerable. Having root owned files in directories owned by another user can be a small weakness. Those files would be vulnerable to being removed or renamed by the user who owns the directory. This would allow that user to substitute their own files in place of the ones owned by root. So it is undesirable to have this slight vulnerablity. That's why -current (3.0 release and newer) has changed the ownership from bin to root. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901250009.RAA06600>