Subject: Re: Library permissions and security
To: Stephen J. Roznowski <>
From: John F. Woods <>
List: current-users
Date: 03/29/1994 09:24:22
> > if you are able to gain user 'bin', you can do damn near anything
> > you want.  have you looked at the ownership of /bin/sh lately?
> No argument here.... Should the files be updated to install
> stuff with owner root?

Why?  It is no easier to become bin than to become root; in fact, it is
probably marginally harder, since no sane installation has a valid password
for the bin account, and there are no setuid-bin executables to take advantage
of bugs in.