128 – default owners of system directories is a security hole

Bug 128 - default owners of system directories is a security hole

Summary: default owners of system directories is a security hole

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	2.0-RELEASE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	1995-01-14 04:30 UTC by David Muir Sharnoff
Modified:	1995-01-14 04:30 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Muir Sharnoff 1995-01-14 04:30:00 UTC

	After my install, /usr/bin was owned by user bin.

	Non-root ownership of system directories + NFS == any other
	system's root can become root.

Comment 1 nate freebsd_committer

1995-04-22 18:29:58 UTC

State Changed
From-To: open->closed

NFS is a security hole in any case, so if you export your FS read-write you 
are asking for trouble.  Solution is to not export any FS you are concerned 
about read-write.