Path: utzoo!attcan!uunet!husc6!rutgers!gatech!mcdchg!usenet
From: mouse@Larry.McRCIM.McGill.EDU (der Mouse)
Newsgroups: comp.unix
Subject: Re: unix security program
Keywords: unix security
Message-ID: <10322@mcdchg.UUCP>
Date: 13 Jun 88 18:17:38 GMT
References: <4625@mcdchg.UUCP> <7971@mcdchg.UUCP> <10102@mcdchg.UUCP>
Sender: usenet@mcdchg.UUCP
Lines: 41
Approved: usenet@mcdchg.UUCP

In article <10102@mcdchg.UUCP>, jona@moss.ATT.COM (Jon M. Allingham) writes:
> In article <7971@mcdchg.UUCP> usenet@mcdchg.UUCP writes:
>> The permissions check program requires you to set up a list of
>> permissions, the ones given are not the most secure, for example:
>> /bin 555 dr-xr-xr-x
>> If you want security why let users cd to or ls /bin, better to set
>> the permissions :
>> /bin 111 d--x--x--x

If you want security you don't want UNIX.  If you must have UNIX and you
want to come as close as you can, there are many other things to mess
with before worrying about users being able to cd to /bin.  Tell me,
what are you afraid they'll do once they're there?

> I would be very annoyed if I couldn't do an ls on /bin (etc.), that
> would also mean that programs such as "whereis" (search through your
> path to find an executable) wouldn't work either [...]

I'd be annoyed too.  But, not to defend mode 111 for /bin or anything, a
program that runs along your path looking for an executable will work
perfectly well if the directories are mode 111.  After all, the shell
itself does precisely this when you type a command name.  (The csh
hashes, yes, but that's a detail.)  The point is that if you know the
name of the file you're looking for, the directory need only permit
execute access, regardless of what you want to do with the file itself.

> (unless [...] a suid group bin [...]... we don't really need more
> suid programs either.)

If you want security I don't think you can use the traditional setuid
mechanisms.  Almost no programs are sufficiently paranoid that they can
safely be made setuid, and even in the few cases when the author(s)
thought of everything, the available facilities are usually too weak to
provide real security.  A discussion of access() in some other group
(comp.unix.wizards?  I think that was it) batted this around and more or
less concluded this some time ago....

					der Mouse

			uucp: mouse@mcgill-vision.uucp
			arpa: mouse@larry.mcrcim.mcgill.edu
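
Added example, not part of the original post: a shell sketch of the point about mode 111 directories, showing a path search that succeeds by name lookup alone while a listing of the same directory is refused. The names find_in_path, make_demo_dir and can_list, and the temporary directory standing in for /bin, are assumptions made for illustration.

```sh
#!/bin/sh
# find_in_path NAME PATHLIST
# Walk a colon-separated PATHLIST and print the first DIR/NAME that is an
# executable regular file. Only name lookups are done (no directory listing),
# so each directory needs search (x) permission but not read (r).
find_in_path() {
    name=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.      # empty PATH entry means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# make_demo_dir: build a constructed stand-in for /bin with mode 111 that
# holds one executable called "hello", and print the directory's path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$d/hello"
    chmod 755 "$d/hello"
    chmod 111 "$d"
    printf '%s\n' "$d"
}

# can_list DIR: succeed only if the directory's entries can be read.
can_list() {
    ls "$1" >/dev/null 2>&1
}

demo=$(make_demo_dir)
if can_list "$demo"; then
    echo "listing allowed (root ignores the mode bits)"
else
    echo "listing denied"
fi
if found=$(find_in_path hello "/nonexistent:$demo"); then
    echo "found by name: $found"
fi
chmod 755 "$demo" && rm -rf "$demo"   # restore access so cleanup works
```

Run as an ordinary user, the listing is denied but the lookup still finds hello; root bypasses directory mode bits, so the listing succeeds there.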