[776] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Adam Prato)
Tue Jun 11 11:49:08 1996
Date: Sat, 8 Jun 1996 05:29:31 -0600 (MDT)
From: Adam Prato <adamp@mickey.ovid.com>
To: "Jeffrey J. Radice" <jjr@zilker.net>
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606041939.OAA13424@oak.zilker.net>
On Tue, 4 Jun 1996, Jeffrey J. Radice wrote:
> most things simply root.wheel owned, or is there any benefit to splitting
> ownership into different levels of access? Is there anything I've left
> out? I also would like further information about standard permissions.
I dont know if this is a blanket statement and not an entirely worthwhile idea,
but IMO, I dont see why any 'system' executable should be owned by anything
other than root. Any 'special' access should have group executable /
(directory)writeable permissions.
I've found many ways on many os's to get elevated privilege, such as bin/sys
privileges, and since system files (ie, /usr and above, /sbin, /bin) were
group/user writeable by other than root, it is possible to replace these
executables with your own executables. If root ever runs this executable, then
you can get root privileges.
I apologize for any gramatical errors, or if this little opinion of mine wasn't
entirely eloquent, but its late and I need sleep
Adam