bin (was Complex security mechanism is unsecure)
Chris Torek
chris at mimsy.umd.edu
Sat Dec 15 11:17:15 AEST 1990
In article <6886 at titcce.cc.titech.ac.jp>
mohta at necom830.cc.titech.ac.jp (Masataka Ohta) writes:
>The proper solution is to remove "bin", which is done on BSD UNIX.
Actually, all BSD releases have included a `bin' `system file owner'
that owns normal (not setuid) binaries. With the new `make', however,
it is now trivial to remove `bin-ness':
% cd /usr/src/share/mk
% co -l *.mk # assuming you use rcs
% sh
$ for i in *.mk; do
ed - $i << end
g/ bin/s// 0/ # this is <TAB>bin and <TAB>0
g/games.bin/s//games.0/ # finish the job: games files
w
q
end
$ ^D% ci -u -m"change bin to user/group 0" *.mk
% su
<password>
# make install
# cd /usr/src
# su bin
% make
<wait, read much output>
% exit
# make install
<wait, read much output>
or, if you prefer, just make your `bin' be uid 0, gid 0 and (as above)
rebuild and reinstall everything.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at cs.umd.edu Path: uunet!mimsy!chris
More information about the Comp.unix.internals
mailing list