> Recommendation:
>    A number of the executables located in /sbin and /usr/sbin are
>    never going to be invoked for any legitimate use by anyone other
>    than the superuser.  In particular, servers such as portmap and
>    inetd run by non-root users are unlikely to do what was intended.
>    It seems a prudent measure to simply not set execute permission
>    by "other" on such programs during the install, giving the user
>    a handy "Permission denied" message when such an attempt is made.

Since these files don't run with any extra privileges (i.e., they're
not setuid or setgid), nothing stops a user from uploading their own
copy and running it.  Your proposal doesn't actually improve security;
it just annoys the attacker.  Whether this is a good thing or a waste
of time is a matter of opinion; personally, I'm in the latter boat
(i.e., I see no reason to do this).

                                        Dima Dorfman
                                        [EMAIL PROTECTED]
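
The distinction the reply draws, as an added example that is not part of the original message: a short audit that separates files whose mode bits guard real privilege (setuid/setgid) from files where dropping execute permission for "other" changes nothing a user could not get from a private copy. The directory contents are constructed placeholders; the function names and suid_tool are hypothetical.

```sh
#!/bin/sh
# Added example: sort the files in a directory by whether their mode bits
# are a real privilege boundary or only a convenience setting.

# classify_sbin DIR prints one "<class> <path>" line per regular file:
#   privileged  setuid or setgid; the file runs with extra privilege, so
#               who may execute it is a genuine access-control decision
#   cosmetic    no setuid/setgid and no execute bit for "other"; a user can
#               still run a private copy with exactly the same privilege
#   open        no setuid/setgid, executable by "other"
classify_sbin() {
    dir=$1
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/privileged /'
    find "$dir" -type f ! -perm -4000 ! -perm -2000 ! -perm -0001 -print |
        sed 's/^/cosmetic /'
    find "$dir" -type f ! -perm -4000 ! -perm -2000 -perm -0001 -print |
        sed 's/^/open /'
}

# demo_tree builds a constructed directory of empty placeholder files
# (not real binaries) and prints its path. portmap gets the mode the
# quoted recommendation proposes; suid_tool is a hypothetical setuid file.
demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/portmap";   chmod 0750 "$d/portmap"
    : > "$d/inetd";     chmod 0755 "$d/inetd"
    : > "$d/suid_tool"; chmod 4755 "$d/suid_tool"
    printf '%s\n' "$d"
}

tree=$(demo_tree)
classify_sbin "$tree"
rm -rf "$tree"
```

Only the "privileged" lines mark files where tightening execute permission restricts what a user can actually do.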

