On Tue, 18 Nov 1997, Curt Sampson wrote:

> On Wed, 19 Nov 1997, matthew green wrote:
> 
> > can not most of this problem be solved by making all the games owned
> > by root.wheel, rather than games.bin ?
> 
> Then all the games would be suid root. :-) But as others have
> pointed out, we can probably minimise the risk by making games
> setgid.

Hey, if you go insecure may as well go all the way...

No, just do it with those non-setuid ones.  That removes the chance of
someone compromising games then substituting in a trojan
/usr/games/fortune, etc.

Then the setuid ones are a seperate issue.  OTOH, if you solve the setuid
games problem so nothing is setuid games you can safely leave the
non-setuid ones owned by games.  If nothing is going to be done about the
setuid games because everyone just likes talking, do something about the
non-setuid ones now.  

> 
> > personally, i want to do that
> > for *all* installed programs also...  i *really* don't understand the
> > concept of a `bin' account or group, when it comes to security issues.
> 
> I don't actually understand this either. Can anyone explain it?

It is done to provide more ways to hack in via NFS, not that there aren't
already enough ways.  My argument has always been nuke the bin user,
but...

Some people like the pretty ls -l listings and the ease of telling
binaries apart from... erm... all those other files in /usr/bin?