
tightening root program modes



Some of you may have seen the little thread on smtp(fwd)d being mode 500
and why. The question is:

Does it make any sense (or even worth our while) to mark all programs
that only root can possibly execute as mode 500 instead of the default
555? Yes, any program that gains increased security by virtue of going
500 is in need of a rewrite. However, if only root is supposed to be
running it, why even pretend that others can?

If touching root programs is not considered useful, what to do about
smtpd and friends? Let its currently unique situation continue? Or
bring it into compliance with the rest of the system?