From: Sam <[EMAIL PROTECTED]>
:It is *not* "vendor convenience". Red Hat's Linux distribution is
:specifically designed to be as secure distribution as possible.
No offense, Sam, but I have to take issue with this comment. RH has
repeatedly proven itself to be one of the least secure Linux distributions.
This is mainly due to them slapping the suid bit on binaries that don't really
need it, and not keeping up to date with critical system components. In a
recent episode (the sysklogd buffer overflow), instead of releasing an updated
RPM with the newest version of sysklogd, they instead decided to release the
same version, patched with a 5-minute-hack patch which was posted to bugtraq
by a friend of mine. They were also caught with their pants down when the
mountd exploit came out recently; Other linux distros were running an updated
version of mountd which was not vulnerable.
Even a cursory search for "Redhat" on rootshell.com turns up almost three
times as many exploits as a search for "debian" or "slackware".
That being said, (and being obligated to at least make a feeble attempt at
staying on topic), I really can't think of a good reason to have UID's
compiled into a binary. It seems to be adding extra complexity where it's
just not necessary.
--Adam
