Bugtraq mailing list archives

Re: bin ownership problem


From: jmc () gnu ai mit edu (jmc () gnu ai mit edu)
Date: Wed, 18 May 1994 23:47:55 -0400 (EDT)



Ok, I'll expose my ignorance and ask, what is the specific vulnerability
of bin owned files?  I understand how it is a problem on NFS exported
files to insecure hosts, but what is the risk for files/dirs on a locally
non-exported file system?  What about groups, is bin a bad group also?



The main problem I've ever had with bin owning system files and other
user id's owning things as well (daemon, games, etc) is that it's just that
much more to watch for. With root owning all the important stuff
it centers your attention on that userid and prevention with just one
userid.

A prime example is /usr/games/chesstool on sunos 4.1.x machines. It came
setuid bin for some unknown reason (I have this theory there is someone
assigned at sun to just put random permissions on programs 
before they hit the cd :-). Well, if you pop up sunview which is needed
to run this, you can get any program you want run as user bin. And guess
what, /etc is owned by bin on a standard install.

James
hc
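
An added example, not part of the original post: a defender-side audit for the chain described above, a setuid program owned by a non-root account that also owns a critical directory such as /etc. The `CRITICAL` list, the function names and the sample records (with uid 3 standing in for bin) are assumptions made for illustration.

```python
import os
import stat

# Assumption for this example: paths whose owner can effectively become root.
CRITICAL = ("/etc", "/bin", "/sbin", "/usr/bin", "/usr/sbin")

def find_chains(records, critical=CRITICAL):
    """records: iterable of (path, st_mode, st_uid) tuples.

    Returns (setuid_file, uid, critical_paths_owned_by_uid) for every
    setuid regular file whose non-root owner also owns a critical path.
    """
    records = list(records)
    owned = {}
    for path, mode, uid in records:
        if uid != 0 and path in critical:
            owned.setdefault(uid, []).append(path)
    return [
        (path, uid, sorted(owned[uid]))
        for path, mode, uid in records
        if stat.S_ISREG(mode) and mode & stat.S_ISUID and uid in owned
    ]

def collect(roots, critical=CRITICAL):
    """Yield (path, mode, uid) for the critical paths and every file under roots."""
    seen = list(critical)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            seen.extend(os.path.join(dirpath, f) for f in files)
    for path in seen:
        try:
            st = os.lstat(path)
        except OSError:
            continue  # vanished or unreadable; skip it
        yield path, st.st_mode, st.st_uid

# Constructed sample mirroring the layout in the post (uid 3 stands in for bin).
SAMPLE = [
    ("/etc", stat.S_IFDIR | 0o755, 3),
    ("/usr/games/chesstool", stat.S_IFREG | 0o4755, 3),
    ("/usr/bin/passwd", stat.S_IFREG | 0o4755, 0),
    ("/usr/games/fortune", stat.S_IFREG | 0o755, 3),
]

if __name__ == "__main__":
    for finding in find_chains(SAMPLE):
        print(finding)
    # Live use on a host: find_chains(collect(["/usr"]))
```

Setuid-root programs and non-setuid files are deliberately not reported; the audit only flags the combination the post describes.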


