From owner-freebsd-security Fri Apr 2 11:47:16 1999 Delivered-To: freebsd-security@freebsd.org Received: from host07.rwsystems.net (kasie.rwsystems.net [209.197.192.103]) by hub.freebsd.org (Postfix) with ESMTP id A814D14F76 for ; Fri, 2 Apr 1999 11:47:08 -0800 (PST) (envelope-from jwyatt@RWSystems.net) Received: from kasie.rwsystems.net([209.197.192.103]) (1502 bytes) by host07.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Fri, 2 Apr 1999 13:42:03 -0600 (CST) (Smail-3.2.0.104 1998-Nov-20 #1 built 1998-Dec-24) Date: Fri, 2 Apr 1999 13:42:00 -0600 (CST) From: James Wyatt To: Andrew McNaughton Cc: Mike Holling , 0x1c , freebsd-security@FreeBSD.ORG Subject: Re: uucp home dir mode 777? In-Reply-To: <199904021403.CAA16855@aniwa.sky> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 3 Apr 1999, Andrew McNaughton wrote: > > > On my 2.2.8-REL box and my 3.1-REL box the modes for use uucp's home dir > > > are both 777. Is there any particular reasoning behind this? > > > > UUCP requires the "public" directory to be mode 777. If you don't use > > UUCP, you can get rid of it altogether. > > > > - Mike > > I don't use UUCP, and have disabled it. I have wondered though if this public > home dir was exploitable. > > There was discussion a while back about removing uucp from the base install > and putting it in a port instead. The only thing the public dir can really do is allow someone to fill up a filesystem. A frequently large one at that. I'd rather not see it become a port, but wouldn't mind shipping with anon UUCP disabled. Kinda like we do with anon FTP now. - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message