Subject: NetBSD 1.5.2 default configuration
To: None <tech-security@netbsd.org>
From: None <xs@kittenz.org>
List: tech-security
Date: 02/02/2002 16:26:43
Hi!

Upon booting a cleanly installed NetBSD 1.5.2 box, there are a few things
that seem strange, notably the number of set-uid and set-gid binaries.
(The other thing, I suppose, is that inetd is running apparently
for no reason at all, until it is configured)

For example:

/bin/df is sgid operator - yet appears to operate fine without this.
/sbin/{r,}dump{,_lfs} are sgid tty - this again (to me) doesn't seem
necessary.

other such binaries are: /sbin/ccdconfig, /usr/sbin/pppd,
/sbin/shutdown (this makes sense in some situations, I suppose, but anyone
with gid operator could, fairly easily, obtain root through read access on
/dev/[ws]d*), /usr/bin/login, /usr/sbin/sliplogin

Obviously making a default configuration as generic as possible is a complex
task, but some of these strike me as unnecessary in all or most
configurations. Am I the only one who finds this the case? :)

On one system I have /, /var and /usr slices. Removing the s[ug]id bit
from the binaries above, plus some others (uucp, rsh/rlogin), allows
/var and / to be mounted nosuid.
Not that anything was stopping it before, but now there are no s[ug]ids that
are likely to break.
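The audit the post describes, as an added example that is not part of the original message or of NetBSD: list the set-uid/set-gid files under a tree, strip the bits from the ones you have decided do not need them, and re-check before putting nosuid in fstab. The sandbox tree it builds under a mktemp directory is constructed to mirror the paths named in the post; it never touches the real /bin or /sbin.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): audit set-id binaries,
# strip the bits from a chosen list, and confirm nothing set-id remains
# before a filesystem is mounted nosuid.  Works with POSIX sh and find.

# Print every regular file under $1 carrying the set-uid (4000) or
# set-gid (2000) bit.  "-perm -MODE" matches when all bits of MODE are set,
# so the two tests are OR'ed to catch either bit.
list_setids() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Number of set-id files under $1 (tr strips BSD wc's leading spaces).
count_setids() {
    list_setids "$1" | wc -l | tr -d ' '
}

# Remove both set-uid and set-gid bits from every path given.  The
# symbolic form leaves the other permission bits untouched.
strip_setids() {
    chmod u-s,g-s "$@"
}

# Succeeds (exit 0) when no set-id file is left under $1, i.e. when
# mounting that filesystem nosuid cannot break anything that relied on
# the bit.  Prints the offenders otherwise.
nosuid_safe() {
    if [ "$(count_setids "$1")" -eq 0 ]; then
        return 0
    fi
    echo "set-id files still present under $1:" >&2
    list_setids "$1" >&2
    return 1
}

# Build a constructed sandbox resembling the post's binaries: four set-gid
# files, three set-uid files and one plain file.  Prints the sandbox root.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/sbin" "$root/usr/sbin"
    for f in bin/df bin/ls sbin/dump sbin/rdump sbin/ccdconfig \
             sbin/shutdown usr/sbin/pppd usr/sbin/sliplogin; do
        : > "$root/$f"
        chmod 755 "$root/$f"
    done
    chmod g+s "$root/bin/df" "$root/sbin/dump" "$root/sbin/rdump" \
              "$root/sbin/shutdown"
    chmod u+s "$root/sbin/ccdconfig" "$root/usr/sbin/pppd" \
              "$root/usr/sbin/sliplogin"
    echo "$root"
}

# Stand-alone demo: ./setid_audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    R=$(make_sandbox)
    echo "before:"; list_setids "$R"
    strip_setids "$R/bin/df" "$R/sbin/dump" "$R/sbin/rdump" \
                 "$R/sbin/shutdown" "$R/sbin/ccdconfig" \
                 "$R/usr/sbin/pppd" "$R/usr/sbin/sliplogin"
    nosuid_safe "$R" && echo "ok: $R can be mounted nosuid"
    # A matching /etc/fstab entry would add nosuid to the options field,
    # e.g.  /dev/wd0e  /var  ffs  rw,nosuid  1 2
    rm -rf "$R"
fi
```

On a real box, run `list_setids /` (or per slice) as root first, compare the output against the binaries you actually use, and only then strip and add nosuid; `list_setids` is read-only, so it is safe to run anywhere.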