From owner-freebsd-security  Sun Apr 19 23:52:13 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA17886
          for freebsd-security-outgoing; Sun, 19 Apr 1998 23:52:13 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dt050n33.san.rr.com (@dt050n33.san.rr.com [204.210.31.51])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA17870
          for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 06:52:03 GMT
          (envelope-from Studded@san.rr.com)
Received: from san.rr.com (Studded@localhost [127.0.0.1])
	by dt050n33.san.rr.com (8.8.8/8.8.8) with ESMTP id XAA17854;
	Sun, 19 Apr 1998 23:51:42 -0700 (PDT)
	(envelope-from Studded@san.rr.com)
Message-ID: <353AF07D.8131BBA8@san.rr.com>
Date: Sun, 19 Apr 1998 23:51:41 -0700
From: Studded <Studded@san.rr.com>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.6-STABLE i386)
MIME-Version: 1.0
To: Andrew McNaughton <andrew@squiz.co.nz>
CC: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
References: <v02120d03b16068197e61@[192.168.1.1]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Andrew McNaughton wrote:

Someone else wrote:
> >It would probably be better to pull all of UUCP into a separate install
> >package, so users who don't use it could simply not install it.  

	I personally believe this is true of many portions of the base OS, but
I think it's especially important for those elements that use s[ug]id
bits.

> I'm one of said users who don't use UUCP, and so far haven't concerned
> myself with it much.  I presume there's no problem for me in removing the
> uucp group and user?  what else is solely related to uucp that I can throw
> out?

	I remove all elements of uucp from my tree and modify my makefiles
accordingly to not build them during make world. In case someone doesn't
know how this is done, look at
http://home.san.rr.com/freebsd/upgrade.html, towards the end of the
page. The one exception is /usr/src/lib/libutil/uucplock.c which if it's
not built some other part of the system crashes and burns... I don't
remember what it is off hand but if someone looks at surgically removing
uucp they should be aware of this dependency.

Hope this helps,

Doug

-- 
***         Chief Operations Officer, DALnet IRC network       ***
*** Proud designer and maintainer of the world's largest Internet
***    Relay Chat server with 5,328 simultaneous connections.
*** Try spider.dal.net on ports 6662-4    (Powered by FreeBSD)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message