Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!snorkelwacker.mit.edu!apple!olivea!tymix!cirrusl!sunstorm!dhesi
From: dhesi%cirrusl@oliveb.ATC.olivetti.com (Rahul Dhesi)
Newsgroups: comp.unix.internals
Subject: Re: Complex security mechanism is unsecure
Message-ID: <2826@cirrusl.UUCP>
Date: 20 Dec 90 04:17:09 GMT
References: <6922@titcce.cc.titech.ac.jp> <18826@rpp386.cactus.org> <18827@rpp386.cactus.org> <6948@titcce.cc.titech.ac.jp> <18840@rpp386.cactus.org> <6959@titcce.cc.titech.ac.jp>
Sender: news@cirrusl.UUCP
Organization: Cirrus Logic Inc.
Lines: 12

I think many of you are missing the point of having files owned by
root.

When root owns files, and keeps them publicly unwritable, nobody else
can mess with them.  If you let anybody else own files, you are giving
that user permission to change those files too.  If root ever uses a
file owned by somebody else, there's a security problem.

Hence for better security, root should own all files that it uses.
--
Rahul Dhesi <dhesi%cirrusl@oliveb.ATC.olivetti.com>
UUCP:  oliveb!cirrusl!dhesi