> Ok, I'll expose my ignorance and ask, what is the specific vulnerability
> of bin owned files? I understand how it is a problem on NFS exported
> files to insecure hosts, but what is the risk for files/dirs on a locally
> non-exported file system? What about groups, is bin a bad group also?

Apart from the problem with NFS exports, there might be a second problem: an easy way to become root from being that other user. Root should own all files it executes and all directories they are contained in, or an easy transition from user (e.g. bin) to root is possible.

There have been a number of bugs/configuration errors that make it possible for a cracker to become any user but root. On systems with certain files (e.g., /bin/sh) or directories (e.g., /etc) owned by bin, an easy path to root is provided.

Group ownership is another matter entirely, as long as the files/dirs don't have group write permission. Unfortunately, some systems ship like that. E.g., Solaris 2.x ships with mode 775 /etc and far too many other files as well.

A script to fix many of Solaris' faulty modes while still maintaining the ability to install patches can be found in ftp.fwi.uva.nl:/pub/solaris/auto-install/*.

Casper
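The two conditions described above (a file or directory that root trusts but does not own, and one that is group- or world-writable) can be audited with a short script. This is an added example, not the script from ftp.fwi.uva.nl referred to in the post; it assumes only POSIX find(1) and a root account named "root", and the paths it runs over are just the ones the post mentions.

```shell
#!/bin/sh
# Added example: audit paths that root executes or trusts (e.g. /bin/sh,
# /etc) for the two problems the post describes: ownership by a user
# other than root, and write permission for group or others.
# Uses only POSIX find(1); -H follows a symlink given on the command line,
# -prune stops find from descending into directories.

# check_owner PATH: prints PATH if it is not owned by root.
check_owner() {
    find -H "$1" -prune ! -user root -print
}

# check_write PATH: prints PATH if group or others may write to it.
# 020 is the group-write bit, 002 the other-write bit (mode 775 has 020).
check_write() {
    find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print
}

# audit_paths PATH...: prints one line per finding; returns 1 if any
# finding (or missing path) was seen, 0 if everything is clean.
audit_paths() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        if [ -n "$(check_owner "$p")" ]; then
            echo "NOT-ROOT-OWNED $p"; rc=1
        fi
        if [ -n "$(check_write "$p")" ]; then
            echo "GROUP/OTHER-WRITABLE $p"; rc=1
        fi
    done
    return $rc
}

# Sample run over the paths the post names. On a real system extend the
# list with every directory on root's PATH and the directories above them.
audit_paths /bin/sh /etc /usr/bin || echo "findings listed above"
```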