Subject: Library permissions and security
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Stephen J. Roznowski <sjr@zombie.ncsc.mil>
List: current-users
Date: 03/27/1994 17:36:09
A while ago, there was a discussion about gaining root access via suid
programs through exploiting libcrypt.so.*. Well, since the libraries
are installed with owner bin (group bin), it appears that if you are
able to become bin on a system, gaining root is trivial.

My question, should /usr/share/mk/bsd.own.mk be changed to install
binaries and libraries with owner root instead of owner bin?

-SR

------------------------------------------------------------------------------