Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!amdcad!ames!mailrus!purdue!i.cc.purdue.edu!j.cc.purdue.edu!mace.cc.purdue.edu!dls
From: dls@mace.cc.purdue.edu (David L Stevens)
Newsgroups: comp.bugs.4bsd
Subject: Re: Installing 4.3-Tahoe on a VAX
Message-ID: <624@mace.cc.purdue.edu>
Date: 14 Sep 88 18:15:56 GMT
References: <5415@zodiac.UUCP> <10477@ncc.Nexus.CA> <5432@zodiac.UUCP>
Reply-To: dls@mace.cc.purdue.edu.UUCP (David L Stevens)
Organization: PUCC UNIX Group
Lines: 16


	And, of course:

	1) You can turn off the root->nobody mapping. If you can't trust
the safety of root across an NFS link, why on Earth should every other
user be trusted?? Especially if root doesn't own the binaries; you're
just asking for trojan horses.

	2) You can use find(1) to search for set{u,g}id bits as easily as
for any particular id; also for the r/w/x permissions, so the root ownership
per se doesn't make such searches any easier.

	You clearly have to protect "bin" as much as "root", so why even
have them be separate?
-- 
					+-DLS  (dls@mace.cc.purdue.edu)