bin owns stuff (was: Installing 4.3-Tahoe on a VAX)
Vernon Schryver
vjs at rhyolite.SGI.COM
Tue Sep 13 09:43:00 AEST 1988
In article <5416 at zodiac.UUCP>, jordan at zooks.ads.com (Jordan Hayes) writes:
- Keith Bostic <bostic at BERKELEY.EDU> writes:
- Since you can't log in as "bin" (it has no password) this
- shouldn't be an issue.
-
- Yes, but root equivalence is governed by /.rhosts, but "bin" equiv. is
- governed by /etc/hosts.equiv ... and we all know that "rsh csh -i" is
- as good as "rlogin" for most tasks ...
Yes. Why change?
Some people, outside BSD, have long thot everything should be owned by
'bin' and not uid=0. This belief seems common in System V land.
Someone long gone from SGI brought it to IRIS's. I have had occassion
while working in SGI's internal network to exploit variations of this
hole--the usual case where someone is absent but their machine is doing
terrible things to the net, not receiving mail, or whatever. Having
bin own things is a Bad Idea if you want to keep people out. Is there
some risk with making root own everything?
Vernon Schryver
Silicon Graphics
vjs at sgi.com
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list