From owner-freebsd-stable  Thu Mar 28 14: 0:39 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from freebie.xs4all.nl (freebie.xs4all.nl [213.84.32.253])
	by hub.freebsd.org (Postfix) with ESMTP id 348C337B404
	for <stable@FreeBSD.ORG>; Thu, 28 Mar 2002 14:00:22 -0800 (PST)
Received: (from wkb@localhost)
	by freebie.xs4all.nl (8.11.6/8.11.6) id g2SM0AN28553;
	Thu, 28 Mar 2002 23:00:10 +0100 (CET)
	(envelope-from wkb)
Date: Thu, 28 Mar 2002 23:00:10 +0100
From: Wilko Bulte <wkb@freebie.xs4all.nl>
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Cc: Alan Clegg <alan@clegg.com>, stable@FreeBSD.ORG
Subject: Re: sendmail_enable NONE
Message-ID: <20020328230010.B28507@freebie.xs4all.nl>
References: <20020328163551.B77823@shell.wetworks.org> <20020327154948.26668.qmail@web11602.mail.yahoo.com> <20020327115442.C27253@shell.one.net> <000c01c1d5bb$38e336e0$11fd2fd8@westbend.net> <20020327200304.C43825@mail.webmonster.de> <20020328133020.B6416@hub.freebsd.org> <20020328163551.B77823@shell.wetworks.org> <20020328223826.F28059@freebie.xs4all.nl> <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org>; from schulte+freebsd@nospam.schulte.org on Thu, Mar 28, 2002 at 03:51:50PM -0600
X-OS: FreeBSD 4.5-STABLE
X-PGP: finger wilko@freebsd.org
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Thu, Mar 28, 2002 at 03:51:50PM -0600, Christopher Schulte wrote:
> At 10:38 PM 3/28/2002 +0100, Wilko Bulte wrote:
> >Basically: binaries sitting on a disk are harmless (but take space) as
> >long as they don't get run.
> 
> Some local root exploits can be prevented if unused setuid binaries have 
> the bit removed.  Thus if sendmail is not used (but you want to keep the 
> binary around just in case) just chmod -s.

OK, but that applies to more than just sendmail. 

-- 
|   / o / /_  _   				wilko@FreeBSD.org
|/|/ / / /(  (_)  Bulte				Arnhem, the Netherlands
   We are FreeBSD.  Resistance is futile.  Prepare to be committed.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message