Subject: Re: changing default user from bin:bin to root:wheel
To: None <firstname.lastname@example.org, email@example.com>
From: Bruce Barnett <firstname.lastname@example.org>
Date: 02/20/1998 14:09:40
> Perfectly correct. A general principle of security is that if you
> can set things up to avoid opportunities for small errors, you
Exactly my point about the group "bin".
I have seen some people install files 6711 instead of 4711 - by
mistake. This is not a BIG concern - I admit. If the file is setuid to
root, who cares about the group? But some files are not setuid to root.
If this is something that concerns you, this is my suggestion:
All the directories (unless otherwise necessary) should be group "wheel."
All setuid files should be group "bin". (or some other group besides wheel).
All setgid files should NOT be bin or wheel.
Therefore if a file gains the g+s bit by mistake, no extra privileges
occur, because "bin" has none. For a compromise to occur, the following
four "mistakes" must happen:
a) A group writable directory/file must exist
b) A file must belong to the wrong group
c) The file is made "chmod g+s" by mistake
d) The file must be vulnerable (stack overflow, NFS, etc.)
But if you eliminate group "bin", then you lose this extra (and
admittedly slim) protection. Therefore my argument is that group
"bin" is useful, and should not be eliminated.
Comments? Anyone see a flaw in my logic?