SUMMARY: Improving security: who should own /etc ?

From: Ole Holm Nielsen (ohnielse@ltf.dth.dk)
Date: Thu Mar 12 1992 - 23:30:22 CST


My original question:

>Our local security guru has given us some very convincing arguments why
>the /etc directory should NOT be owned by user "bin", as it is
>installed by the default SunOS installation. It is all too easy to
>masquerade as user bin, and thereby get write-access to the /etc
>directory, with all sorts of nasty security implications. The
>recommended ownership of /etc is "root".
>
>Before doing this security measure on all of our machines, I would like
>to know if changing the ownership of /etc to "root" has any adverse
>effects? Does anybody out there run their system in this mode?

The answers were unanimous: Get the Sun patch 100103-10, which is a
script setting the permissions etc. of lots of files to more secure values.
I got my copy from princeton.edu in pub/sun-fixes/sunos4.1.1.
The README file goes like this:

Patch-ID# 100103-10
Keywords: security
Synopsis: SunOS 4.1.1, 4.1:script to change file permissions to a more secure mode
Date: 30-Sept-91
 
SunOS release: 4.1 4.1.1
 
Unbundled Product:
 
Unbundled Release:
 
Topic:
 
BugId's fixed with this patch: 1046817 1047044 1048142 1054480 1037153 1039292 1042662

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Obsoleted by: 5.0

Problem Description:
        File permissions on numerous files were set incorrectly in the build
        tape of 4.1 FCS. This script changes them back to what they should
        be.

INSTALL::

MUST be run as root.

        # chmod 710 4.1secure.sh (restrict execution to root)
        # sh 4.1secure.sh (run the script)

My thanks go to these people:
ivan@fac.anu.edu.au (Ivan Dean)
bws900@cscgpo.anu.edu.au (Bede W P Seymour)
"John D. Barlow" <John.D.Barlow@arp.anu.edu.au>
pln@egret1.Stanford.EDU (Patrick L. Nolan)
Travis L Priest <travis@cs.odu.edu>
jonw@assip.csasyd.oz.au (Jon Gilbert Wright)
barron@cs.uchicago.edu (Tom Barron)
Steinar Haug <Steinar.Haug@delab.sintef.no>
Reino de Boer <sysrb@cs.few.eur.nl>

Thanks, once again, for this marvelous list!
Ole
 
Ole Holm Nielsen
Laboratory of Applied Physics, Building 307
Technical University of Denmark, DK-2800 Lyngby, Denmark
E-mail: Ole.Holm.Nielsen@ltf.dth.dk
Telephone: (+45) 42 88 24 88 ext. 3187
Telefax: (+45) 45 93 23 99
Permanent address:
UNI-C, Building 305
Technical University of Denmark, DK-2800 Lyngby, Denmark
E-mail: Ole.H.Nielsen@uni-c.dk
Telephone: (+45) 42 88 39 99 (dial-tone) 2404 or 2244
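
An added example, not part of the original post and not taken from Sun's 4.1secure.sh script: a POSIX shell check for the concern raised in the question, namely a system directory such as /etc that is owned by a non-root account or is writable by group or other. The function names dir_findings and audit_dirs are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper names): report directories that a
# non-root account could use to replace the files inside them.

# dir_findings DIR [EXPECTED_UID]
# Prints one line per problem. Returns 0 if clean, 1 on any finding,
# 2 if DIR is not a directory. EXPECTED_UID defaults to 0 (root).
dir_findings() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }

    # -d: the directory itself, -n: numeric uid, -L: follow a symlink.
    info=$(ls -ldnL "$dir" | awk '{ print $1, $3 }')
    mode=${info% *}   # e.g. drwxr-xr-x
    uid=${info#* }    # numeric owner
    bad=0

    # The owner can chmod the directory and then create, rename or
    # delete entries, whatever the ownership of the files themselves.
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"
        bad=1
    fi
    # Character 6 of the mode string is group write, character 9 is
    # other write.
    case $mode in
        ?????w*) echo "$dir: group-writable ($mode)"; bad=1 ;;
    esac
    case $mode in
        ????????w*) echo "$dir: world-writable ($mode)"; bad=1 ;;
    esac
    return $bad
}

# audit_dirs DIR...: check every DIR against root ownership.
audit_dirs() {
    rc=0
    for d in "$@"; do
        dir_findings "$d" 0 || rc=1
    done
    return $rc
}

# Usage: audit_dirs /etc
```
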


