Bugtraq mailing list archives

Re: bin owned system files


From: wam () fedex com (William McVey)
Date: Fri, 26 Jul 1996 13:48:04 -0500


"Robert E. Adams" wrote:
> Are there any known problems/bugs/etc. with "root" executing system binaries
> owned by "bin" as long as the "bin" account is disabled in /etc/passwd.
> (i.e. * for password and /bin/false for the shell).

In addition to the problems with bin ownership as it relates to NFS,
there are some other issues as well.  It all boils down to the principle
that under UNIX, the system has a single privileged account.  To protect
this account the system designers have placed features into UNIX to
better protect the root account.  These features do not exist for other
"system accounts" such as sys, bin, lp, and the like.  By having files
that root runs owned by the 'bin' owner, you are basically putting the
security of the privileged but better protected root account at the
mercy of a not as protected account.

Some of these extra protections include:
        NFS mapping of uid 0 to nobody (already mentioned)
        special handling in ruserok() (hosts.equiv doesn't apply to root)
        secure tty login restrictions (root logins restricted to console)
        must be a member of group 0 to su to root (on some systems)

Various systems have other additional protections for root.

A very good tool for detecting what executables, shared libraries,
and config files are being executed by root but not owned by root
is the check_embedded script in the tiger distribution.  Tiger can
be found on net.tamu.edu and I'm sure a mirror exists at
coast.cs.purdue.edu (thanks Spaf).

 -- William McVey
    Federal Express
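
The ownership check discussed in the message above, as an added example that is not part of the original post and is not tiger's check_embedded: it reports every component of a path, from the file up to /, that the trusted account does not own or that group/other can write. The helper name weak_path_components and the sample paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not tiger's check_embedded. weak_path_components is a
# hypothetical helper name.
#
# weak_path_components OWNER ABSOLUTE_PATH
# Walks from the file up to /, printing "reason<TAB>path" for each component
# that OWNER does not own or that group/other can write to. A weak parent
# directory matters as much as the file: whoever can write the directory can
# swap the file root is about to run.
weak_path_components() {
    owner=$1
    p=$2
    while :; do
        if [ ! -e "$p" ]; then
            printf 'missing\t%s\n' "$p"
        else
            # find -prune evaluates the tests on this one path, no descent.
            if [ -n "$(find "$p" -prune ! -user "$owner" -print)" ]; then
                printf 'owner\t%s\n' "$p"
            fi
            # Symlink mode bits are meaningless, so skip them here. Sticky
            # directories (/tmp) stop non-owners from replacing entries.
            if [ -n "$(find "$p" -prune ! -type l \
                    \( -perm -0020 -o -perm -0002 \) \
                    ! \( -type d -perm -1000 \) -print)" ]; then
                printf 'writable\t%s\n' "$p"
            fi
        fi
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
}

# Usage: sh audit.sh /usr/bin/su /etc/inetd.conf ...
for f in "$@"; do
    weak_path_components root "$f"
done
```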


