As Mark put it, if everything is owned by bin you would need to be root
to do anything. Where is the benefit in
this ?, you mentioned stupid junior admins , well in that case have a
better hiring process , no need to obfuscate the current
setup.
On 06/22/2012 09:36 AM, Mark Felder wrote:
On Fri, 22 Jun 2012 10:59:28 -0500, Jason Hellenthal
<jhellent...@dataix.net> wrote:
Security principles are well laid out and have not changed in a long
time. Vering away from those principles will cause a LOT of
administrative overhead as most software out there can expect a sane
environment if / is root:wheel
Well he claims that bin owned everything back in the day and I didn't
touch a *nix system until long after the time he describes. I can't
imagine the benefit or functionality of a system with bin owning
everything.... if everything precious is owned by bin, and bin isn't a
standard system user, someone would have to elevate to root to do
anything nasty. In the current setup you'd have to elevate to root to
do something nasty.
I see no benefit in binaries or libraries being owned by bin.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
"freebsd-security-unsubscr...@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
