Re: / owned by bin causes sshd to complain bad ownership

2012-06-23 Thread Dag-Erling Smørgrav
"Julian H. Stacey"  writes:
> I don't question the "user or" that's fine It's the final "root" I
> find strange.  I guess whoever wrote sshd was so used to "root"
> they never considered "bin" could be better.

Maybe they did, and decided it wasn't.  I'm firmly of the opinion that
it isn't.

You also have to consider the cost of maintaining a list of "safe"
owners, and the fact that this list may vary from OS to OS.

DES
-- 
Dag-Erling Smørgrav - d...@des.no
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"


Re: / owned by bin causes sshd to complain bad ownership

2012-06-23 Thread Dag-Erling Smørgrav
Fahad  writes:
> As Mark put it, if everything is owned by bin you would need to be
> root to do anything.

No.

DES
-- 
Dag-Erling Smørgrav - d...@des.no


Re: / owned by bin causes sshd to complain bad ownership

2012-06-23 Thread Dag-Erling Smørgrav
Garance A Drosehn  writes:
> At one time I read that having directories/files owned by root was a
> security benefit when considering the -maproot= for NFS exports.
> All unix systems recognize UID=0 means root, and there is no other
> UID which all unix systems agree on.  Disclaimer:  I rarely use NFS,
> so I don't really pay attention to the details.  I may have the wrong
> idea for what the advantage is, but it was some kind of connection
> with UID=0 and NFS exports or imports.

-maproot=foo means that requests coming from root on the client are
treated as if they came from the user "foo" instead.

If binaries are owned by bin, root on the client can su to bin and
modify them.  If they are owned by root and the server maps root to an
unprivileged user (e.g. "nobody"), root on the client can't touch them.

DES
-- 
Dag-Erling Smørgrav - d...@des.no
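To make the ownership argument above concrete, here is a small model of the server-side check (added here as an illustration; it is not code from the thread or from the FreeBSD NFS implementation). It assumes uid 3 for bin and 65534 for nobody, ignores group permissions, and treats "root on the client can su to the file's owner" as a given.

```python
import stat
from dataclasses import dataclass
from typing import Optional

# Constructed uids for the model; bin=3 and nobody=65534 match FreeBSD's /etc/passwd.
ROOT, BIN, NOBODY = 0, 3, 65534


@dataclass(frozen=True)
class Export:
    """One NFS export. maproot is the uid that client root is rewritten to.
    None models -maproot=root (no mapping at all); FreeBSD's default with
    neither -maproot nor -mapall is to map root to -2, i.e. nobody."""
    maproot: Optional[int] = NOBODY


def server_uid(export: Export, client_uid: int) -> int:
    """Credential the server actually uses for a request from client_uid."""
    if client_uid == ROOT and export.maproot is not None:
        return export.maproot
    return client_uid  # non-root uids pass through unchanged


def can_modify(owner_uid: int, mode: int, uid: int) -> bool:
    """Simplified DAC check for replacing a file's contents: root bypasses,
    the owner can always chmod u+w first (so ownership alone suffices),
    anyone else needs o+w. Group permissions are ignored in this model."""
    if uid == ROOT or uid == owner_uid:
        return True
    return bool(mode & stat.S_IWOTH)


def client_root_can_modify(export: Export, owner_uid: int, mode: int) -> bool:
    """Can root on the client change the file, either directly or after
    su'ing to the file's owner (which root on the client can always do)?"""
    for client_uid in (ROOT, owner_uid):
        if can_modify(owner_uid, mode, server_uid(export, client_uid)):
            return True
    return False


if __name__ == "__main__":
    squashed = Export(maproot=NOBODY)
    print(client_root_can_modify(squashed, BIN, 0o555))   # True: client root su's to bin, uid 3 is not mapped
    print(client_root_can_modify(squashed, ROOT, 0o555))  # False: client root arrives as nobody
    print(client_root_can_modify(Export(maproot=None), ROOT, 0o555))  # True: -maproot=root
```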


Re: / owned by bin causes sshd to complain bad ownership

2012-06-23 Thread Julian H. Stacey
Hi,
Reference:
> From: Fahad  
> Date: Fri, 22 Jun 2012 10:24:55 -0700 
> Message-id:   <4fe4aa67.4060...@budacom.net> 

Fahad wrote:
> As Mark put it, if everything is owned by bin you would need to be root 
> to do anything.

False. Most bins have o+rx, eg

-r-xr-xr-x  1 root  wheel  8680 Jun 22 20:08 /usr/bin/wc*


Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/


Re: / owned by bin causes sshd to complain bad ownership

2012-06-23 Thread Julian H. Stacey
> If you look hard enough you can find the v5root.tar.gz from 1974 on
> unixarchive.cn-k dot de or some other mirrors ;)

http://unixarchive.cn-k.de/PDP-11/Distributions/research/Dennis_v5/

This looks an interesting site, Thanks Olli :-)

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/