Subject: Re: Library permissions and security
To: Stephen J. Roznowski <sjr@zombie.ncsc.mil>
From: Tobias Weingartner <weingart@austin.BrandonU.CA>
List: current-users
Date: 03/29/1994 11:38:27
You write:

# 
# > From: "Chris G. Demetriou" <cgd@postgres.Berkeley.EDU>
# > > A while ago, there was a discussion about gaining root access via suid
# > > programs through exploiting libcrypt.so.*. Well, since the libraries
# > > are installed with owner bin (group bin), it appears that if you are
# > > able to become bin on a system, gaining root is trivial.
# > 
# > if you are able to gain user 'bin', you can do damn near anything
# > you want.  have you looked at the ownership of /bin/sh lately?
# 
# No argument here.... Should the bsd.own.mk files be updated to install
# stuff with owner root?

No.  It is quite useful not having to *be* root, but do some simple
maintenance.  Just like it is useful to have a mail group, etc...


--Toby.
-----------------------------------------------------------------
| Tobias Weingartner  |    PGP2.x Public Key available at       |
|   (204)725-3342     |  'finger weingart@austin.BrandonU.CA'   |
| %SYSTEM-F-ANARCHISM, the operating system has been overthrown |
-----------------------------------------------------------------