From owner-freebsd-security  Sun Apr 19 19:12:36 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA09352
          for freebsd-security-outgoing; Sun, 19 Apr 1998 19:12:36 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id CAA09319
          for <freebsd-security@freebsd.org>; Mon, 20 Apr 1998 02:12:29 GMT
          (envelope-from softweyr@xmission.com)
Received: from slc402h.modem.xmission.com (xmission.com) [166.70.2.148] 
	by mail.xmission.com with esmtp (Exim 1.82 #2)
	id 0yR64D-0007CW-00; Sun, 19 Apr 1998 20:12:21 -0600
Message-ID: <353AAFE9.9D0A61FF@xmission.com>
Date: Sun, 19 Apr 1998 20:16:09 -0600
From: Wes Peters <softweyr@xmission.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386)
MIME-Version: 1.0
To: Marc Slemko <marcs@znep.com>
CC: Niall Smart <rotel@indigo.ie>, freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
References: <Pine.BSF.3.95.980419094941.16057k-100000@alive.znep.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Marc Slemko wrote:
> 
> On Sun, 19 Apr 1998, Niall Smart wrote:
> > I think the point he was making was that most users don't use UUCP, and
> > therefore we shouldn't be shipping UUCP related utilities with set[ug]id
> > bits.  Presumably if you can configure UUCP you can use chmod.
> 
> Erm... that is an extremely poor policy.  Figuring out what needs to be
> setuid or setgid to what isn't trivial.  I'm not sure what you are trying
> to save here.  What is the real issue if someone compromises the user or
> group uucp?  I guess that uucico, which is setgid to dialer, gives them
> something.  If they compromise the uucp uid then they can mess with the
> uuucp binaries which someone may try to run sometime for some reason, but
> I really don't see how it is enough to warrant shipping broken programs.

It would probably be better to pull all of UUCP into a separate install
package, so users who don't use it could simply not install it.  This
way, the install package could install all of the UUCP binaries with the
correct permissions, and users who don't need UUCP lower their suid/sgid
impact.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message