Bugtraq mailing list archives

Re: bin ownership problem


From: casper () fwi uva nl (Casper Dik)
Date: Thu, 19 May 94 09:59:28 +0200


> Ok, I'll expose my ignorance and ask, what is the specific vulnerability
> of bin owned files?  I understand how it is a problem on NFS exported
> files to insecure hosts, but what is the risk for files/dirs on a locally
> non-exported file system?  What about groups, is bin a bad group also?

Apart from the problem with NFS exports, there might be a second problem:
an easy way to become root from being that other user.  Root should
own all files it executes and all directories they are contained in
or an easy transition from user (e.g. bin) to root is possible.

There have been a number of bugs/configuration errors that make
it possible for a cracker to become any user but root.  On systems
with certain files (e.g., /bin/sh) /directories (e.g., /etc) owned by bin,
an easy path to root is provided.

Group ownership is another matter entirely, as long as the files/dirs
don't have group write permission.  Unfortunately, some systems ship
like that.  E.g., Solaris 2.x ships with mode 775 /etc and far too many
other files as well.  A script to fix many of Solaris' faulty modes
while still maintaining the ability to install patches can be found
in ftp.fwi.uva.nl:/pub/solaris/auto-install/*.

Casper
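The two conditions Casper describes (root-executed files or their parent directories owned by another user such as bin, and directories such as /etc shipped group-writable) can be checked for with a small audit. The script below is an added example for this archive page, not Casper's auto-install script and not anything from the original thread. It uses only POSIX `find` and builds a small constructed directory tree under a temporary path (an `etc` directory with the mode 775 mentioned above and a world-writable `bin/ls`) so that it can be run without touching a real system; the expected owner is passed in rather than hard-coded to root so the demo works for any user.

```shell
#!/bin/sh
# Audit paths that root trusts or executes for two weaknesses:
#   1. entries not owned by the expected owner (normally root)
#   2. entries with the group- or other-write bit set
# Usage: audit_root_paths OWNER DIR...
audit_root_paths() {
    owner="$1"; shift
    for dir in "$@"; do
        # -perm -020 / -002: group write bit / other write bit set
        find "$dir" \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
    done | sort
}

# Number of flagged entries, for use from other scripts.
# Usage: count_findings OWNER DIR...
count_findings() {
    audit_root_paths "$@" | wc -l | tr -d ' '
}

# Build a constructed sample tree (hypothetical layout, not a real system):
#   etc/      mode 775  -> group-writable directory, as shipped by Solaris 2.x
#   etc/passwd mode 644 -> fine
#   bin/      mode 755  -> fine
#   bin/sh    mode 755  -> fine
#   bin/ls    mode 666  -> world-writable binary
# Prints the root of the tree.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/bin"
    : > "$d/etc/passwd"
    : > "$d/bin/sh"
    : > "$d/bin/ls"
    chmod 775 "$d/etc"
    chmod 644 "$d/etc/passwd"
    chmod 755 "$d/bin" "$d/bin/sh"
    chmod 666 "$d/bin/ls"
    printf '%s\n' "$d"
}

# Run with --demo to see the report for the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    echo "Flagged entries under $tree (owner $(id -un)):"
    audit_root_paths "$(id -un)" "$tree" | while read -r p; do
        ls -ld "$p"
    done
    rm -rf "$tree"
fi
```

On a real host the call would be `audit_root_paths root /etc /bin /usr/bin ...` (and the directories root's cron jobs and startup scripts live in); every line it prints is a place where a compromise of the non-root owner, or of any member of a group with write access, becomes a path to root.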


