Xref: utzoo comp.unix.questions:9509 comp.bugs.sys5:600
Path: utzoo!attcan!uunet!munnari!mimir!hugin!augean!sirius!eco!nt!levels!ccdn
From: ccdn@levels.sait.edu.au (DAVID NEWALL)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SVR3 passwd changes mode of passwd file
Message-ID: <384@levels.sait.edu.au>
Date: 28 Sep 88 13:53:21 GMT
References: <3394@dunkshot.mips.COM> <344@stiatl.UUCP> <4827@cbmvax.UUCP>
Organization: South Australian Institute of Technology
Lines: 17

In article <4827@cbmvax.UUCP>, ditto@cbmvax.UUCP (Michael "Ford" Ditto) writes:
> The complaint here is not about security or lack thereof, it's about
> programs undoing the system administrator's actions.
>
> Where should this "enforced security" end?  Should /bin/passwd also
> chmod / to 555 mode as well?  And what about /etc/?  Should "ls"
> remove world write permission from /dev/mem if it happens to discover
> it?

I haven't got the sources, so I don't know for sure...  I imagine passwd
writes a _brand new_ copy of /etc/passwd.  So it's not a case of passwd
"happening to discover" that the mode isn't 444.  On the contrary, it's a
case of passwd not noticing that the mode is other than 444.
-------------------------------------------------------------------------
David Newall                                 Phone:  +61 8 343 3160
South Australian Institute of Technology     Fax:    +61 8 349 6939
The Levels, South Australia, 5095            E-mail: ccdn@pisa.sait.oz.AU