From: jbuck@forney.berkeley.edu (Joe Buck)
Newsgroups: alt.security
Subject: Ownership by "bin" instead of by "root"
Date: 3 Mar 1992 21:12:01 GMT
Organization: University of California, Berkeley
Message-ID: <p0q31INNr0o@agate.berkeley.edu>
References: <1992Mar2.145559.3166@pool.info.sunyit.edu> <SEANEY.92Mar3131443@robios5.me.wisc.edu>

In article <SEANEY.92Mar3131443@robios5.me.wisc.edu>, seaney@robios.me.wisc.edu (Steve Seaney) writes:
|> Question ( on a side note ) on our Sparcs Sun has set the /etc
|> ownership to:
|> drwxr-sr-x 9 bin staff 2048 Feb 28 11:10 etc/

|> Should this be changed? Can I expect any problems when it is changed?

If you're in an NFS environment, I would recommend changing the owner of
/etc to root. The reason is that if someone cracks root on a machine
that your machine "trusts" (because of /etc/hosts.equiv or for some other
reason), that someone can say "su bin" and then your system will believe
he should be treated as "bin" on your system, and he'll have the power
to install anything he wants into the /etc/ directory.

But "root" is special: NFS, rsh, etc, treat root on some other system as
"nobody" on your system, so that if someone cracks root on a system you
trust, he's still only a generic normal user on your system. This'll at
least slow a good cracker down a bit.

Conclusion: if you use NFS, rsh, rlogin, rcp, etc., then all system-critical
files and directories (/etc, /bin, /usr/bin, etc, and everything in them)
should be owned by root and writable only by root. The habit of having
"bin" own things, or having a special "staff"/"wheel" group that could
modify things, comes from pre-NFS days and it's no longer safe.

--
Joe Buck jbuck@ohm.berkeley.edu
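
An added example, not part of the original post: a POSIX shell function that audits the post's conclusion by listing every entry under the given directories that is not owned by the expected account or is writable by group or other. The function name `audit_owner_write` and its output format are assumptions of this example.

```shell
#!/bin/sh
# audit_owner_write OWNER DIR...
#   OWNER  numeric uid expected to own everything (0 for root)
#   DIR    directories to walk, e.g. /etc /bin /usr/bin
# Prints one line per finding:
#   owner <path>     entry is owned by some other account (e.g. bin)
#   writable <path>  entry is writable by group or other (e.g. staff/wheel)
# Returns 0 when clean, 1 when there is at least one finding.
audit_owner_write() {
    owner=$1
    shift
    findings=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            # -H follows a symlink given on the command line (/bin is often
            # a symlink to usr/bin); symlinks found below are skipped because
            # their own mode bits are meaningless.
            find -H "$dir" ! -type l ! -user "$owner" \
                -exec printf 'owner %s\n' {} +
            find -H "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
                -exec printf 'writable %s\n' {} +
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical call on a host that exports or trusts over NFS/rsh:
#   audit_owner_write 0 /etc /bin /usr/bin
```

Sticky world-writable directories are reported as `writable` too; the function does not distinguish them.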