Subject: Re: newsyslog
To: Dave Sainty <firstname.lastname@example.org>
From: Todd Vierling <email@example.com>
Date: 07/28/1998 09:54:06
On Wed, 29 Jul 1998, Dave Sainty wrote:
: newsyslog is explicitly installed with BINOWN root. This seems
: pointless as it isn't setuid. Is there a deeper meaning for this, or
: is it just an oversight?
This was changed in the interest of security a while ago (as were all other
binaries using BINOWN): installing trojans is far easier on systems where
you may be able to get access as a user other than root and overwrite bins
that aren't owned by root.
-- Todd Vierling (Personal firstname.lastname@example.org; Bus. email@example.com)