Date: Wed, 3 Nov 1999 17:56:21 -0500 (EST) From: Bill Pechter <pechter@pechter.dyndns.org> To: robert+freebsd@cyrus.watson.org Cc: freebsd-security@freebsd.org Subject: My 2 cents on uustat Message-ID: <199911032256.RAA07926@pechter.dyndns.org> In-Reply-To: <Pine.BSF.3.96.991103122522.35508K-100000@fledge.watson.org> from Robert Watson at "Nov 3, 1999 12:29:38 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Hmm. Well, the old security hole in the sandbox that I reported, that root > ran uustat each day, has now been fixed (at least, in 3.3 it has been). > However, I don't like that /usr/bin/uustat is still owned by UUCP, and > appears in the default path for root and others. Really, if a binary is > not owned by a privileged account, it should not be in the default system > path, rather in some obscure subdirectory where a user has to > intentionally go find it, in my opinion. :-) > > > Robert N M Watson > I hate to argue this one, but I'm probably one of the last UUCP proponants... So... uustat is supposed to be a user level program, run to check whether your file tranfer is still in progress, queued. It also allows you to cancel your pending transfer. From the SunOS 4.1.x manual... uustat displays the status of, or cancels, previously speci- fied uucp(1C) commands. It also reports the status of uucp connections to other systems. When no options are given, uustat displays the status of all uucp requests issued by the current user. This looks like a program that should be a user level program in the user's normal path (unless UUCP is not installed). Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911032256.RAA07926>