From owner-freebsd-security  Sun Apr 19 19:55:30 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA20826
          for freebsd-security-outgoing; Sun, 19 Apr 1998 19:55:30 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA20636
          for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 02:55:10 GMT
          (envelope-from andrew@squiz.co.nz)
Received: from [192.168.1.1] (cloud9.sky [192.168.1.1])
	by aniwa.sky (8.8.7/8.8.7) with SMTP id OAA00800
	for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 14:52:30 +1200 (NZST)
	(envelope-from andrew@squiz.co.nz)
X-Sender: andrew@pop.sky
Message-Id: <v02120d03b16068197e61@[192.168.1.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 20 Apr 1998 14:56:25 +1200
To: freebsd-security@FreeBSD.ORG
From: andrew@squiz.co.nz (Andrew McNaughton)
Subject: Re: suid/sgid programs
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

>It would probably be better to pull all of UUCP into a separate install
>package, so users who don't use it could simply not install it.  This
>way, the install package could install all of the UUCP binaries with the
>correct permissions, and users who don't need UUCP lower their suid/sgid
>impact.

I'm one of said users who don't use UUCP, and so far haven't concerned
myself with it much.  I presume there's no problem for me in removing the
uucp group and user?  what else is solely related to uucp that I can throw
out?

Is it a problem that the uucp user has by default a publicly writable home
directory?  or is this made irrelevant by it's shell being set to uucico?

Andrew McNaughton



DISCLAIMER: The Entire Physical Universe, Including      Andrew McNaughton
This Message, May One Day Collapse Back into an            ++64 4 389 6891
Infinitesimally Small Space. Should Another Universe    andrew@squiz.co.nz
Subsequently Re-emerge, the Validity of Statements  http://www.squiz.co.nz
in This Message Cannot Be Guaranteed.            http://www.newsroom.co.nz




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message