Subject: Re: Library permissions and security
To: None <cgd@postgres.Berkeley.EDU>
From: Stephen J. Roznowski <sjr@zombie.ncsc.mil>
List: current-users
Date: 03/28/1994 17:14:14
> From: "Chris G. Demetriou" <cgd@postgres.Berkeley.EDU>
> > A while ago, there was a discussion about gaining root access via suid
> > programs through exploiting libcrypt.so.*. Well, since the libraries
> > are installed with owner bin (group bin), it appears that if you are
> > able to become bin on a system, gaining root is trivial.
> 
> if you are able to gain user 'bin', you can do damn near anything
> you want.  have you looked at the ownership of /bin/sh lately?

No argument here.... Should the bsd.own.mk files be updated to install
stuff with owner root?

-SR

------------------------------------------------------------------------------