From owner-freebsd-security Wed Dec 1 17:47:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 03C8A14C1C for ; Wed, 1 Dec 1999 17:47:39 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id RAA36936; Wed, 1 Dec 1999 17:47:25 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: Brock Tellier Cc: Bill Swingle , security@FreeBSD.ORG Subject: Re: [Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] ] In-reply-to: Your message of "01 Dec 1999 13:02:57 MST." <19991201200257.17312.qmail@nwcst313.netaddress.usa.net> Date: Wed, 01 Dec 1999 17:47:25 -0800 Message-ID: <36932.944099245@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Personally, I don't think it is at all unreasonable to do a full 2700 port > install via sysinstall and audit the 200 or so suid-programs. I'm not arguing this at all, I'm simply saying that these issues should be brought up with the 200 or so maintainers of those suid-programs in ports. The security officer hasn't a prayer of addressing all of these and the core parts of FreeBSD as well and this is one of those areas where delegation and "distributed processing" is a necessity. Issues with ports need to be raised with the appropriate ports people. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message