netbsd-bugs: Re: misc/143: Setuid programs installed unreadable

Subject: Re: misc/143: Setuid programs installed unreadable
To: Chris G. Demetriou <cgd@postgres.berkeley.edu>
From: Arne Henrik Juul <arnej@fm.unit.no>
List: netbsd-bugs
Date: 03/01/1994 20:50:59

 > once again, there are people out there using this code on systems which:
 > 	(1) don't have source installed
 > 	(2) don't have source easily accessible
 > 	(3) have users who aren't necessarily the most savory...
 > 
 > 
 > Just because it's a moot point to you, and just because everybody
 > on the internet can get the source easily (IF THEY KNOW WHERE TO LOOK)
 > DOES NOT MEAN that it's irrelevant for 'randoms' out there running the
 > system.
 > 
 > 
 > cgd

   Well, this wasn't intended to start a heated discussion, only point
out a discrepancy in NetBSD. Basically, Chris (and others) are arguing
that 1) there is no value in having the binaries readable, 2) there is
some security in having them unreadable. I am arguing that 1) there is
some (admittedly small) pain in having them unreadable, and 2) there is
no real security provided by having them unreadable. Can we agree to
disagree now?
   There is still a real discrepancy though. The programs that currently
are unreadable aren't exactly the most likely security holes. For
example, sendmail is installed mode 4555. If the NetBSD core group takes
(has taken?) the position that setuid binaries should be non-readable by
default, it should be done consistently. The result of a quick grep
through Makefiles shown below. Should I make a patch with *555 -> *111
globally?

   Yours,
 Arne H. J.


'strange' mode: sbin/disklabel is mode 2550

mode 4555:

bin/rcp
games/dm
gnu/libexec/uucp/cu
gnu/libexec/uucp/uucico
gnu/libexec/uucp/uucp
gnu/libexec/uucp/uuname
gnu/libexec/uucp/uustat
gnu/libexec/uucp/uux
gnu/libexec/uucp/uuxqt
libexec/mail.local
sbin/ping
sbin/route
usr.bin/at
usr.bin/chpass
usr.bin/lock
usr.bin/login
usr.bin/passwd
usr.bin/quota
usr.bin/rdist
usr.bin/rlogin
usr.bin/rsh
usr.bin/su
usr.sbin/pppd
usr.sbin/sendmail/src
usr.sbin/sliplogin
usr.sbin/timed/timedc
usr.sbin/traceroute


mode 6555:
sbin/dump
sbin/restore
usr.sbin/lpr/lpq
usr.sbin/lpr/lpr
usr.sbin/lpr/lprm

mode 2555:
bin/df
bin/ps
sbin/dmesg
usr.bin/fstat
usr.bin/ipcs
usr.bin/modstat
usr.bin/netstat
usr.bin/nfsstat
usr.bin/vmstat
usr.bin/w
usr.bin/wall
usr.bin/write
usr.sbin/arp
usr.sbin/iostat
usr.sbin/lpr/lpc
usr.sbin/pppd/pppstats
usr.sbin/slstats
usr.sbin/swapinfo
usr.sbin/trpt
usr.sbin/trsp

------------------------------------------------------------------------------