Re: bin ownership problem

jmc@gnu.ai.mit.edu
Wed, 18 May 1994 23:47:55 -0400 (EDT)

>
>Ok, I'll expose my ignorance and ask, what is the specific vulnerability
>of bin owned files?  I understand how it is a problem on NFS exported
>files to insecure hosts, but what is the risk for files/dirs on a locally
>non-exported file system?  What about groups, is bin a bad group also?
>
>

The main problem I've ever had with bin owning system files and other
user id's owning things as well (daemon, games, etc) is that it's just that
much more to watch for. With root owning all the important stuff
it centers your attention on that userid and prevention with just one
userid.

A prime example is /usr/games/chesstool on SunOS 4.1.x machines. It came
setuid bin for some unknown reason (I have this theory there is someone
assigned at Sun to just put random permissions on programs
before they hit the CD :-). Well, if you pop up SunView which is needed
to run this, you can get any program you want run as user bin. And guess
what, /etc is owned by bin on a standard install.

James
hc
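
An audit for the pattern described in the message above, added here as an example and not part of the original post: it lists set-uid programs that run as a non-root account and flags any account that also owns a critical directory. The function name `audit_ownership`, the scan root and the directory list are assumptions.

```python
import os
import stat

def audit_ownership(scan_root, critical_dirs, trusted_uids=frozenset({0})):
    """Correlate set-uid programs with ownership of critical directories.

    Returns (setuid_by_uid, owned_by_uid, chains). chains maps each untrusted
    uid that has both a set-uid program and a critical directory it owns.
    """
    setuid_by_uid = {}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid not in trusted_uids):
                setuid_by_uid.setdefault(st.st_uid, []).append(path)

    owned_by_uid = {}
    for d in critical_dirs:
        try:
            st = os.lstat(d)
        except OSError:
            continue
        if st.st_uid not in trusted_uids:
            owned_by_uid.setdefault(st.st_uid, []).append(d)

    # An account on both sides is the case the message describes:
    # a program that runs as the account, and a system directory it owns.
    chains = {uid: (sorted(setuid_by_uid[uid]), sorted(owned_by_uid[uid]))
              for uid in setuid_by_uid.keys() & owned_by_uid.keys()}
    return setuid_by_uid, owned_by_uid, chains

if __name__ == "__main__":
    # Scan root and directory list are assumptions; adjust for the host.
    _, _, chains = audit_ownership("/usr", ["/etc", "/bin", "/usr/bin"])
    for uid, (programs, dirs) in sorted(chains.items()):
        print(f"uid {uid}: set-uid programs {programs} -> owns {dirs}")
```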