Date: Sat, 23 Jan 1999 06:01:40 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: cjclark@home.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: bin Directory Ownership
Message-ID: <Pine.BSF.3.96.990123055843.17775A-100000@fledge.watson.org>
In-Reply-To: <199901230414.XAA02392@cc942873-a.ewndsr1.nj.home.com>
On Fri, 22 Jan 1999, Crist J. Clark wrote:

> From a number of sources, I have been told it is not ideal, from a security point of view, to have any root-owned executables in a directory owned by another user, even an administrative user. The logic is that even if administrative users have logins disabled, their actions, if they do get a shell or some ability to execute commands, are not as closely watched as root. Since it is generally assumed commands owned by root are 'safe,' the fact that these commands could be switched to something else by a non-root user is considered a security hole.
>
> I have noticed that /usr/bin has the ownership of user 'bin' and group 'bin.' This is in spite of the fact that I count more than 2 dozen commands owned by root that are installed by the standard FreeBSD installation tools or ports. In addition, /usr/libexec and /usr/sbin (!!!) are owned by bin but contain root-owned executables.
>
> Am I being over protective? Is there a problem with my installation? Do I need to relax?
>
> Thanks for any responses.
> --
> Crist J. Clark
> cjclark@home.com

You are correct--there is no security improvement through the use of the bin user. However, it is also the case that (aside from false assumptions about some improvement) security is probably not damaged by having a bin user.

I am in the process of some research analyzing the impact of file and directory ownership affecting the UNIX trust model (especially w.r.t. setuid and setgid binaries). I will post the results when I finish up (probably in a month or so).

Access to the bin account is very limited; effectively, to acquire a uid bin process capable of modifying the binaries, you would first have to have a uid root process that you had subverted.

Robert N Watson
robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/
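An added example, not part of this thread and not FreeBSD's own code: a small Python audit that applies the rule the thread discusses (a root-owned executable is only as trustworthy as the uid that controls the directory it lives in) to /usr/bin, /usr/sbin and /usr/libexec. It flags root-owned executables whose containing directory is owned by another uid, or is writable by a non-root group or by everyone without the sticky bit. The uid/gid values in the inline test records are constructed samples, not FreeBSD's real ids.

```python
import os
import stat
from typing import List, NamedTuple


class Entry(NamedTuple):
    path: str       # the executable
    file_uid: int   # owner of the executable
    dir_uid: int    # owner of the directory holding it
    dir_gid: int    # group of that directory
    dir_mode: int   # full st_mode of that directory


def is_trust_mismatch(e: Entry) -> bool:
    """True when a root-owned executable sits in a directory that a non-root uid
    could modify. Replacing a file needs write+search on the directory (unlink or
    rename), not write on the file, so the file's own 0755 mode does not help."""
    if e.file_uid != 0:
        return False                      # not root-owned: no root trust to abuse
    if e.dir_uid != 0:
        return True                       # e.g. /usr/sbin owned by 'bin'
    perm = stat.S_IMODE(e.dir_mode)
    if perm & stat.S_ISVTX:
        return False                      # sticky: only a file's owner may unlink/rename it
    if perm & stat.S_IWOTH:
        return True                       # world-writable directory
    if perm & stat.S_IWGRP and e.dir_gid != 0:
        return True                       # writable by a non-root group (gid 0, wheel, treated as root-controlled)
    return False


def collect(dirpath: str) -> List[Entry]:
    """Build an Entry for every regular executable directly inside dirpath."""
    d = os.stat(dirpath)
    entries = []
    for name in sorted(os.listdir(dirpath)):
        p = os.path.join(dirpath, name)
        st = os.lstat(p)
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
            entries.append(Entry(p, st.st_uid, d.st_uid, d.st_gid, d.st_mode))
    return entries


def audit(dirpath: str) -> List[str]:
    """Paths of root-owned executables in dirpath whose directory fails the check."""
    return [e.path for e in collect(dirpath) if is_trust_mismatch(e)]


if __name__ == "__main__":
    for d in ("/usr/bin", "/usr/sbin", "/usr/libexec"):
        if os.path.isdir(d):
            for p in audit(d):
                print("root-owned executable in a directory root does not control:", p)
```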