Subject: Re: Library permissions and security
To: Stephen J. Roznowski <sjr@zombie.ncsc.mil>
From: John F. Woods <jfw@ksr.com>
List: current-users
Date: 03/29/1994 09:24:22
> > if you are able to gain user 'bin', you can do damn near anything
> > you want. have you looked at the ownership of /bin/sh lately?
> No argument here.... Should the bsd.own.mk files be updated to install
> stuff with owner root?
Why? It is no easier to become bin than to become root; in fact, it is
probably marginally harder, since no sane installation has a valid password
for the bin account, and there are no setuid-bin executables to take advantage
of bugs in.
------------------------------------------------------------------------------