From owner-freebsd-security  Sun Sep  9  1: 8:58 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP id 0F8A537B401
	for <security@FreeBSD.ORG>; Sun,  9 Sep 2001 01:08:54 -0700 (PDT)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id SAA31956;
	Sun, 9 Sep 2001 18:08:44 +1000
Date: Sun, 9 Sep 2001 18:07:52 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender:  <bde@alphplex.bde.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Mike Tancsa <mike@sentex.net>, <security@FreeBSD.ORG>
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
In-Reply-To: <200109082045.f88KjjK29003@earth.backplane.com>
Message-ID: <20010909174638.Q3607-100000@alphplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sat, 8 Sep 2001, Matt Dillon wrote:

>     We should probably chflags all binaries that are not owned by root
>     but might be run by root 'schg'.  At the very least.  That's in
>     addition to any fix of the problem.  These binaries really have got
>     to be set 'schg'.
>
> -r-sr-sr-x   1 uucp  dialer  123888 Jul 23 22:22 cu
> -r-sr-xr-x   1 man   wheel    28512 Jul 23 22:22 man
> -r-xr-xr-x   1 uucp  dialer   38340 Jul 23 22:24 tip
   ^^^
> -r-sr-xr-x   1 uucp  wheel    88228 Jul 23 22:22 uucp
> -r-sr-xr-x   1 uucp  wheel    37312 Jul 23 22:22 uuname
> -r-sr-sr-x   1 uucp  dialer   96752 Jul 23 22:22 uustat
> -r-sr-xr-x   1 uucp  wheel    88844 Jul 23 22:22 uux
>
>     chflags schg /usr/bin/{cu,man,tip,uucp,uuname,uustat,uux}

tip isn't one of these.  It has bogus ownership in case the BINMODE in
its Makefile is uncommented.

I don't see how schg'ing these binaries makes them significantly more
secure.  These binaries are not writable by uucp.  They are writable
by root, but root can just as easily un-schg them as write them.

If schg'ing these binaries somhow helps, then it is probably also needed
for:

-r-sr-sr-x  1 uucp  dialer  -  550956 Aug 21 09:38 /usr/libexec/uucp/uucico
-r-sr-s---  1 uucp  uucp    -  425944 Aug 21 09:38 /usr/libexec/uucp/uuxqt

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message