Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: bin ownership problem

Re: bin ownership problem

Perry E. Metzger (perryimsi.com)
Thu, 19 May 1994 07:21:04 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: George Hodson: "Re: bin ownership problem"
Previous message: Casper Dik: "Re: bin ownership problem"
In reply to: Brian Parent: "bin ownership problem"
Next in thread: Bruce Gingery: "Re: bin ownership problem"

Brian Parent says:
> Ok, I'll expose my ignorance and ask, what is the specific vulnerability
> of bin owned files?  I understand how it is a problem on NFS exported
> files to insecure hosts, but what is the risk for files/dirs on a locally
> non-exported file system?  What about groups, is bin a bad group also?

1) Someday, your file system might end up being exported.
2) On many systems, breaking bin is easier than breaking root.

Perry

Next message: George Hodson: "Re: bin ownership problem"
Previous message: Casper Dik: "Re: bin ownership problem"
In reply to: Brian Parent: "bin ownership problem"
Next in thread: Bruce Gingery: "Re: bin ownership problem"