Subject: Re: newsyslog
To: None <current-users@NetBSD.ORG>
From: Simon Burge <simonb@telstra.com.au>
List: current-users
Date: 07/29/1998 09:27:07

On Tue, 28 Jul 1998 19:09:36 -0400 (EDT) Jim Wise wrote:
> On Tue, 28 Jul 1998, Todd Vierling wrote:
>
> >On Wed, 29 Jul 1998, Dave Sainty wrote:
> >
> >: newsyslog is explicitly installed with BINOWN root. This seems
> >: pointless as it isn't setuid. Is there a deeper meaning for this, or
> >: is it just an oversight?
> >
> >This was changed in the interest of security a while ago (as were all other
> >binaries using BINOWN): installing trojans is far easier on systems where
> >you may be able to get access as a user other than root and overwrite bins
> >that aren't owned by root.
>
> I hate to kick the embers back up, but isn't this really an all
> or nothing sort of thing? I understand that newsyslog is owned by root
> b/c it's in root's crontab, but if newsyslog, then why not compress(1),
> which newsyslog exec()s (with a relative path, I might add)? Or how
> about ls(1) or cat(1) which root execs daily? Pretty soon you realise
> that this only really buys you anything if you make root own everything,
> which may be valid, but is not the same thing.

Given that bsd.own.mk currently has the following:

    BINGRP?= wheel
    BINOWN?= root

and src/usr.bin/Makefile.inc doesn't override this, is this necessary
anyway? Sounds like clean-up time. I'll start looking...

Simon.
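
Added example, not part of the original message or of NetBSD: a POSIX sh check for the point raised in the thread, that every command root runs (including ones found by a PATH search, as with a relative-path exec) must be owned by the expected owner and sit in a directory other users cannot write. The function names `flagged` and `audit_cmds` and the status words are hypothetical.

```shell
#!/bin/sh
# flagged PATH OWNER: succeed if PATH is not owned by OWNER, or is
# writable by group or other (anyone else could replace its contents).
flagged() {
    [ -n "$(find -H "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print)" ]
}

# audit_cmds OWNER PATHLIST CMD...
# Resolve each CMD through the colon-separated PATHLIST the way a
# relative-path exec would, then print one line per command:
#   OK / BADFILE / BADDIR / MISSING
# Returns 0 only if every command is OK.
audit_cmds() {
    owner=$1 pathlist=$2; shift 2
    status=0
    for cmd in "$@"; do
        found=
        old_ifs=$IFS; IFS=:
        for dir in $pathlist; do
            # An empty PATH element means the current directory.
            if [ -f "${dir:-.}/$cmd" ] && [ -x "${dir:-.}/$cmd" ]; then
                found=${dir:-.}/$cmd; break
            fi
        done
        IFS=$old_ifs
        if [ -z "$found" ]; then
            echo "MISSING $cmd"; status=1
        elif flagged "$found" "$owner"; then
            echo "BADFILE $cmd $found"; status=1
        elif flagged "${found%/*}" "$owner"; then
            # The binary is fine, but its directory lets others swap it out.
            echo "BADDIR $cmd $found"; status=1
        else
            echo "OK $cmd $found"
        fi
    done
    return $status
}

# Usage (run as root, with the PATH that root's crontab jobs get):
#   audit_cmds root "$PATH" newsyslog compress ls cat
```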