cvs commit: src/etc Makefile src/etc/isdn Makefile
David O'Brien
obrien at FreeBSD.org
Sun Aug 17 20:02:56 PDT 2003
On Mon, Aug 18, 2003 at 12:34:50PM +1000, Bruce Evans wrote:
> On Sun, 17 Aug 2003, David E. O'Brien wrote:
> > Modified files:
> > etc Makefile
> > etc/isdn Makefile
> > Log:
> > Don't hardcode owner 'root' and group 'wheel'.
> >
> > Submitted by: Ulrich Spoerlein <q at uni.de>
>
> This needs more thought. The owner was hardcoded to root for ppp at
> least for much the same reason that the owner of the ppp binary and
> all (?) other setuid binaries is forced to be root: only root should
> be able to read it. The ownership shouldn't be hard-coded, but it
> shouldn't be ${BINOWN}:${BINGRP} either, so that overriding the defaults
> for BINOWN and BINGRP doesn't automatically open security holes.

At this point I don't think we can safely set BINOWN to anything other
than 'root'. This isn't the first Makefile to assume BINOWN was root
from a security POV.
--
-- David (obrien at FreeBSD.org)