Installing 4.3-Tahoe on a VAX
Chris Torek
chris at mimsy.UUCP
Mon Sep 12 07:07:41 AEST 1988
>In article <4790 at saturn.ucsc.edu> haynes at saturn.ucsc.edu
>(Jim Haynes - Computer Center) notes:
>>5. Being paranoid about security I've been going thru all the makefile
>>and changing modes from 755 to 711 for all the programs except shell
>>scripts. Also changing the owner from bin to root - this is something
>>of a philosophical issue, but I'd rather try to protect root against
>>intrusion than root and bin both.
In article <26049 at ucbvax.BERKELEY.EDU> bostic at ucbvax.BERKELEY.EDU
(Keith Bostic) suggests that
>Since you can't log in as "bin" (it has no password) this shouldn't be an
>issue.
Not only that, but if you like, you can easily give `bin' uid 0 so that
the files are really owned by root.
The `-m 755' (I use `-m 555' for shell scripts, just so no one edits
the `binary' version of the script) is another matter; it might be nice
if install defaulted to not ignoring the umask. (Perhaps -m should
set the mode to arg&~umask(), while -M would set the mode to arg, so
that some Makefiles could explicitly override the umask. Or perhaps
they should be symbolic: `-m x' for ordinary binaries, `-m rx' for shell
scripts.) In any case, I would be happier if this information were
in only one place, rather than being duplicated throughout every
makefile in /usr/src.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list