Re: bin owned system files

[dsiebert () icaen uiowa edu (dsiebert () icaen uiowa edu)]

Another thing to consider is that there are sometimes security problems
that allow you to obtain any user ID _except_ root.  I recall some sendmail
bugs in particular in the past that exhibited this behavior.  By having
bin-owned stuff that root uses/executes those "get any user ID other than
root" bugs are really "get root quick" bugs at that point.  And often it
is noted that since you can steal bin with a particular security hole that
it is trivial to then take root on most systems.

It is enough of a concern for me that I have given serious thought to doing
a chown of everything bin owns on my HP-UX 10.10 systems to root (if you do
this, watch out for "kermit", which is stupidly setuid-bin in HP-UX 10.10)
I see no point in the existance of bin at all other than as a security hole
waiting to happen, since nothing ever _runs_ as bin, at least under HP-UX.
At least uucp, lp, daemon, etc. have a reason for being since things are
supposed to be run under their id and some stuff is rightfully setuid to
their id.  This isn't true for bin, other than the aforementioned "kermit"
stupidity on HP-UX 10.10, but I'm sure that's just an accident that will
eventually be corrected.  Though I note it is still present in HP-UX 10.20.
(I guess I'm not positive the setuid bin thing is a bug, it is _possible_
this was intentional, and there are no ways to steal the bin id using kermit.
But I wouldn't bet the security of my systems on it!)

--
Douglas Siebert                Director of Computing Facilities
douglas-siebert () uiowa edu      Division of Mathematical Sciences, U of Iowa

"It is easier to apologize than to get permission"  -- Grace Hopper