Re: Preparing Debian for using capabilities: file ownership.

To: Joey Hess <joeyh@debian.org>
Cc: Nicolás Lichtmaier <nick@debian.org>, debian-policy@lists.debian.org
Subject: Re: Preparing Debian for using capabilities: file ownership.
From: cwitty@newtonlabs.com (Carl R. Witty)
Date: 26 Sep 2000 15:12:29 -0700
Message-id: <[🔎] v4j8zseyf8y.fsf@bogomips.newtonlabs.com>
In-reply-to: Joey Hess's message of "Tue, 26 Sep 2000 14:49:55 -0700"
References: <[🔎] 20000920222406.B426@debian.org> <[🔎] 8qgqc9$sd7$1@enterprise.cistron.net> <[🔎] 20000923010717.A701@debian.org> <[🔎] 969695071.2762c631@debian.org> <[🔎] 20000923161918.A3309@debian.org> <[🔎] 20000926144955.A3801@kitenet.net>

Joey Hess <joeyh@debian.org> writes:

> Nicolás Lichtmaier wrote:
> >  Your point is so obvious. duh... how did I miss that?
> >  Of course that cracking bin would be like cracking root...!
>
> This is not an issue if
>
> a) bin has no passowrd so people cannot log in as bin
> and
> b) nothing on the system is suid bin

There is at least one way in which root is less vulnerable than bin to
cracking.  If your machine has files exported via NFS with
root_squash, then somebody who cracks root on a client machine can
modify files owned by bin on your machine, but not files owned by
root.  There may be other similar security measures aimed at
protecting root in particular.

Carl Witty

Reply to:

Follow-Ups:
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Joey Hess <joeyh@debian.org>

References:
- Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: miquels@cistron.nl (Miquel van Smoorenburg)
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Raul Miller <moth@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Preparing Debian for using capabilities: file ownership.
Next by Date: Re: Preparing Debian for using capabilities: file ownership.
Previous by thread: Re: Preparing Debian for using capabilities: file ownership.
Next by thread: Re: Preparing Debian for using capabilities: file ownership.
Index(es):
- Date
- Thread