Path: utzoo!attcan!uunet!husc6!purdue!decwrl!sgi!vjs
From: vjs@rhyolite.SGI.COM (Vernon Schryver)
Newsgroups: comp.bugs.4bsd
Subject: Re: Installing 4.3-Tahoe on a VAX
Summary: hack warning
Message-ID: <21831@sgi.SGI.COM>
Date: 13 Sep 88 17:26:24 GMT
References: <26049@ucbvax.BERKELEY.EDU> <5416@zodiac.UUCP> <2841@jpl-devvax.JPL.NASA.GOV>
Sender: daemon@sgi.SGI.COM
Organization: Silicon Graphics Inc, Mountain View, CA
Lines: 18

In article <2841@jpl-devvax.JPL.NASA.GOV>, lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) writes:
  (concerning bin owning things)
> Not to mention NFS.  You let me mount a /usr filesystem read/write with
> directories owned by "bin" and you've just destroyed any semblance of
> security.  Not that NFS is all that secure to begin with...

People tend to just stuff all file systems into /etc/exports, without
bothering to mark them read-only.  They tend to put '+' in hosts.equiv.
That works fine as long as root owns everything of power, since the
defaults have root not going thru hosts.equiv and being converted to some
notion of 'nobody' over NFS.

There is the new 'read-most' stuff in /etc/exports, but how many will use
it?  How many will use 'nohide' and simply export /?

It may be possible to put together a secure system with bin owning things
(as secure as any UNIX system), but it certainly requires more care than
most users/adminsistrators are willing or able to give.