Subject: Re: changing default user from bin:bin to root:wheel
To: None <barnett@grymoire.crd.ge.com, perry@piermont.com>
From: Bruce Barnett <barnett@grymoire.crd.ge.com>
List: tech-security
Date: 02/19/1998 13:45:20
> You don't seem to understand the issue here.

The issue I was addressing was:

	Is there a need for group bin?

I described a reason for having group "bin". NFS had nothing to do with
that reason.  


> 2) the issue is NFS semantics. NFS does no permissions checking -- the
>    only defense one has against ugly nfs evil is the nobody/nogroup
>    translation that happens to accesses by user/group 0. Stuff owned
>    by root:wheel can't be touched over NFS, which is what we want. 


That is a second issue. Now that you mention it, I wouldn't mind a
clarification of the difference between root:wheel and root:bin. I have
experimented with raw NFS, and I don't see why group wheel is
"required" for protection. 

For instance, where group "other" is not 0, the following file cannot
be "touched" by NFS (as far as I can tell):

drwx------   3 root     other        1024 Feb 19 10:03 .
drwxr-xr-x  66 root     wheel       20480 Feb 18 11:27 ..
-rwx------   1 root     other         225 Sep 24 16:27 file

If you wish to protect files from being modified, just make sure the
owner (of the file and directory) is root, and the permission (of the
file and directory) are denied group/world access. It doesn't matter,
as far as I can tell, whether wheel is used or not.

The real danger, as I see it, is in getting the proper group
permissions.  This in itself is not a problem. The problem is that if
there ARE sufficient group privileges, someone might gain access to
that group through setgid executables, or NFS file systems where the
group is not wheel. In other words, a combination of small errors can
compromise a system.


I would appreciate it if someone can point out the error in my thinking.