Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!udel!haven!mimsy!chris
From: chris@mimsy.umd.edu (Chris Torek)
Newsgroups: comp.unix.internals
Subject: bin (was Complex security mechanism is unsecure)
Message-ID: <28624@mimsy.umd.edu>
Date: 15 Dec 90 00:17:15 GMT
References: <1990Dec6.005358.6336@dg-rtp.dg.com> <109958@convex.convex.com> <6886@titcce.cc.titech.ac.jp>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 35

In article <6886@titcce.cc.titech.ac.jp>
mohta@necom830.cc.titech.ac.jp (Masataka Ohta) writes:
>The proper solution is to remove "bin", which is done on BSD UNIX.

Actually, all BSD releases have included a `bin' `system file owner'
that owns normal (not setuid) binaries.  With the new `make', however,
it is now trivial to remove `bin-ness':

	% cd /usr/src/share/mk
	% co -l *.mk			# assuming you use rcs
	% sh
	$ for i in *.mk; do
	ed - $i << end
	g/	bin/s//	0/		# this is <TAB>bin and <TAB>0
	g/games.bin/s//games.0/		# finish the job: games files
	w
	q
	end
	$ ^D% ci -u -m"change bin to user/group 0" *.mk
	% su
	<password>
	# make install
	# cd /usr/src
	# su bin
	% make
	<wait, read much output>
	% exit
	# make install
	<wait, read much output>

or, if you prefer, just make your `bin' be uid 0, gid 0 and (as above)
rebuild and reinstall everything.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@cs.umd.edu	Path:	uunet!mimsy!chris