[786] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Tue Jun 11 15:53:32 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 11 Jun 1996 18:11:30 +0200 (MET DST)
In-Reply-To: <199606101744.NAA04720@cais2.cais.com> from "Joseph S. D. Yao" at Jun 10, 96 01:44:03 pm
From: R.E.Wolff@et.tudelft.nl (Rogier Wolff)
X-Return-receipt-to: wolff@cave.et.tudelft.nl
Instead of continuing this thread with personal preferences as "I
don't like root's homedir to be / or /root" and (currently)
security-unwise statements like "bin should be the owner of the
binaries", I'd like to make a suggestion.

The "Almighty" "root" account has lots of privileges
(override filesystem permissions, access to IO ports, etc
etc.). This should be abolished.

To do this, every uid should get
a bitvector of privileges. Every "suser()" call in the
kernel should get mapped to one of the bits. The default
setup sets all of these bits to "enabled" for "root" and
"disabled" for all other users.

A secure setup would diminish the vector for "root"(?) and increase
it for other users. (e.g. the "bind to low ports" bit and the
"change uid to normal uids" bit should be on for "sendmail"
running as user "mailerdeamon".) The login program only needs
change_uid (even to root? Maybe not. Abolish root logins!)

An interface for setting this info should be thought out.
I generally prefer something by writing to /proc files, but
most things are currently implemented through ioctls (although
Linus says he hates them....)

Someone needs to implement this. I'd recommend an 80 hour
lab-assignment for an OS class for this job......

Roger.
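The per-uid privilege bitvector sketched in the message above, modelled as a small user-space C program. This is an added illustration, not code from the poster or from any kernel: the privilege bit names, the toy fixed-size table indexed by uid, the `has_priv()` check standing in for `suser()`, the constructed mailer-daemon uid 8 and the ordinary uid 5 are all assumptions made for the example. It shows the three pieces the proposal describes: the default policy (root holds every bit, everyone else none), a bare `suser()` site rewritten as a per-bit test, and the "secure setup" in which root loses a bit while the mailer daemon gains exactly the two it needs, so that it can bind port 25 and drop to an ordinary uid but still cannot become uid 0.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One bit per class of suser() check. These names are assumptions for
 * this example, not identifiers from any kernel. */
enum priv_bit {
    PRIV_DAC_OVERRIDE = 0,  /* bypass filesystem permission checks */
    PRIV_RAW_IO,            /* access I/O ports */
    PRIV_NET_BIND_LOW,      /* bind to ports below 1024 */
    PRIV_SETUID,            /* change uid to an ordinary (non-zero) uid */
    PRIV_SETUID_ROOT,       /* change uid to uid 0 */
    PRIV_MAX
};

typedef uint32_t privset_t;
#define PRIV(bit) ((privset_t)1u << (bit))
#define PRIV_ALL  (PRIV(PRIV_MAX) - 1u)   /* bits 0 .. PRIV_MAX-1 */

/* Toy table: a real kernel would hang this off the process credentials. */
#define MAX_UID 16u
static privset_t priv_table[MAX_UID];

#define MAILER_UID 8u   /* constructed uid for the mailer daemon */

/* Default policy from the proposal: root gets every bit, nobody else gets any. */
int priv_init(void) {
    memset(priv_table, 0, sizeof priv_table);
    priv_table[0] = PRIV_ALL;
    return 0;
}

/* Administrative interface (the mail suggests /proc writes or ioctls);
 * here simply a function that replaces a uid's whole vector. */
bool priv_set(unsigned uid, privset_t set) {
    if (uid >= MAX_UID) return false;
    priv_table[uid] = set;
    return true;
}

/* The check that replaces a bare suser(): privileged only if this uid
 * holds the specific bit the call site was mapped to. */
bool has_priv(unsigned uid, enum priv_bit bit) {
    if (uid >= MAX_UID || bit >= PRIV_MAX) return false;
    return (priv_table[uid] & PRIV(bit)) != 0;
}

/* bind(2)-like entry point with its low-port suser() check rewritten.
 * Returns 0 on success, -1 where the kernel would return EACCES. */
int do_bind(unsigned uid, unsigned port) {
    if (port < 1024 && !has_priv(uid, PRIV_NET_BIND_LOW))
        return -1;
    return 0;
}

/* setuid(2)-like entry point: two distinct bits, so a daemon allowed to
 * drop to ordinary uids still cannot become root. */
int do_setuid(unsigned uid, unsigned target) {
    if (target == 0)
        return has_priv(uid, PRIV_SETUID_ROOT) ? 0 : -1;
    return has_priv(uid, PRIV_SETUID) ? 0 : -1;
}

/* The "secure setup" from the mail: trim root's vector, grant the mailer
 * daemon only low-port binding and ordinary setuid. */
bool secure_setup(void) {
    priv_init();
    priv_table[0] &= ~PRIV(PRIV_RAW_IO);   /* take raw I/O away from root */
    return priv_set(MAILER_UID, PRIV(PRIV_NET_BIND_LOW) | PRIV(PRIV_SETUID));
}

int main(void) {
    secure_setup();
    printf("mailer binds port 25:      %s\n", do_bind(MAILER_UID, 25) == 0 ? "ok" : "denied");
    printf("uid 5 binds port 25:       %s\n", do_bind(5, 25) == 0 ? "ok" : "denied");
    printf("mailer setuid to 5:        %s\n", do_setuid(MAILER_UID, 5) == 0 ? "ok" : "denied");
    printf("mailer setuid to 0:        %s\n", do_setuid(MAILER_UID, 0) == 0 ? "ok" : "denied");
    printf("root raw I/O after trim:   %s\n", has_priv(0, PRIV_RAW_IO) ? "ok" : "denied");
    return 0;
}
```

The point of splitting `PRIV_SETUID` from `PRIV_SETUID_ROOT` is the one the message makes about the login program: a service that must shed privilege to an ordinary uid should not thereby be able to regain uid 0. Later Linux kernels adopted essentially this model as POSIX-style capabilities (for example `CAP_NET_BIND_SERVICE` and `CAP_SETUID`), with `capable()` replacing the old `suser()` sites.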