Bugtraq mailing list archives
Re: bin ownership problem
From: jmc () gnu ai mit edu (jmc () gnu ai mit edu)
Date: Wed, 18 May 1994 23:47:55 -0400 (EDT)
Ok, I'll expose my ignorance and ask, what is the specific vulnerability of bin owned files? I understand how it is a problem on NFS exported files to insecure hosts, but what is the risk for files/dirs on a locally non-exported file system? What about groups, is bin a bad group also?
The main problem I've ever had with bin owning system files and other user id's owning things as well (daemon, gmaes, etc) is that it's just that much more to watch for. With root owning all the important stuff it centers your attention on that userid and prevention with just one userid. A prime example is /usr/games/chesstool on sunos 4.1.x machines. It came setuid bin for some unknown reason (I have this theory there is someone assigned at sun to just put random permissions on programs before they hit the cd :-). Well, if you pop up sunview which is needed to run this, you can get any program you want run as user bin. And guess what, /etc is owned by bin on a standard install. James hc
Current thread:
- Re: permissions Bruce Barnett (May 17)
- Re: permissions Casper Dik (May 17)
- Re: permissions Howard the Energizer (May 17)
- Re: permissions Perry E. Metzger (May 17)
- Re: permissions Howard the Energizer (May 17)
- Re: permissions Bruce Gingery (May 17)
- Re: permissions Perry E. Metzger (May 17)
- Re: permissions Daniel Azuelos (May 17)
- Re: permissions rik.harris () vifp monash edu au (May 18)
- bin ownership problem Brian Parent (May 18)
- Re: bin ownership problem jmc () gnu ai mit edu (May 18)
- Re: bin ownership problem Casper Dik (May 19)
- Re: bin ownership problem Perry E. Metzger (May 19)
- Re: bin ownership problem Bruce Gingery (May 19)
- <Possible follow-ups>
- Re: permissions Evil Pete (May 17)
- Re: Re: permissions Pete Hartman (May 17)
- Re: permissions Brad Powell - Sun CIS (May 18)