Date:      Mon, 20 Apr 1998 08:55:47 -0500 (CDT)
From:      James Wyatt <jwyatt@rwsystr.RWSystems.net>
To:        freebsd-security@FreeBSD.ORG
Cc:        fpscha@schapachnik.com.ar, robert+freebsd@cyrus.watson.org, Niall Smart <rotel@indigo.ie>
Subject:   Re: suid/sgid programs
Message-ID:  <Pine.LNX.3.91.980420084647.19730A-100000@rwsystr.RWSystems.net>
In-Reply-To: <199804191452.PAA00588@indigo.ie>

On Sun, 19 Apr 1998, Niall Smart wrote:
> On Apr 19, 12:26am, "Fernando P. Schapachnik" wrote:
> } Subject: Re: suid/sgid programs
> > In a previous message Robert Watson wrote:
> > [...]
> > > We note also that a fairly large chunk of suid/sgid programs are UUCP
> > > programs -- something that a majority of FreeBSD users (I would guess?) do
> > > not use.  In terms of reducing risk, disabling suid/sgid on these programs
> > Don't be so sure. FreeBSD boxes are an excellent choice for UUCP servers. 
> > Actually I have a few running (and planning to install more).
> I think the point he was making was that most users don't use UUCP, and
> therefore we shouldn't be shipping UUCP related utilities with set[ug]id
> bits.  Presumably if you can configure UUCP you can use chmod.

I thought we were after suid/sgid programs that had kernel risks (like 
suid root or sgid kmem). What does s[ug]id uucp impact outside of the 
uucp core files? Your inbound/outbound password files might be useful for 
password hacking or getting free service, but what else?

btw: I really dislike the "We can make this stronger by %s and if you 
don't like it or need it undone, you can %s" arguments. They peel off 
useful subsystems and factionalize us. I still use UUCP a lot here in the 
states for unmetered full-domain email support. Works nicely and lets me 
remote-admin much cheaper.

Thanks - James
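
An added example, not part of the message above and not FreeBSD project code: a Python audit that lists set-id files and separates the two tiers the message distinguishes, suid root or sgid kmem versus set-id to a subsystem account such as uucp. The tier sets, the function names and the default directories are assumptions made for the illustration.

```python
import os, pwd, grp, stat, sys

# Assumption: "high" tier mirrors the message's wording (suid root, sgid kmem).
HIGH_RISK_USERS = {"root"}
HIGH_RISK_GROUPS = {"kmem"}

def classify(mode, owner, group):
    """Return [(bit, principal, tier)] for the set-id bits present in mode."""
    found = []
    if mode & stat.S_ISUID:
        tier = "high" if owner in HIGH_RISK_USERS else "subsystem"
        found.append(("suid", owner, tier))
    if mode & stat.S_ISGID:
        tier = "high" if group in HIGH_RISK_GROUPS else "subsystem"
        found.append(("sgid", group, tier))
    return found

def _name(lookup, ident, field):
    """Resolve a uid/gid to a name; fall back to the number if unmapped."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)

def audit(top):
    """Yield (path, bit, principal, tier) for regular set-id files under top."""
    for dirpath, _dirs, files in os.walk(top):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):
                continue
            owner = _name(pwd.getpwuid, st.st_uid, "pw_name")
            group = _name(grp.getgrgid, st.st_gid, "gr_name")
            for bit, who, tier in classify(st.st_mode, owner, group):
                yield path, bit, who, tier

if __name__ == "__main__":
    # Default directories are an assumption; pass your own as arguments.
    for top in sys.argv[1:] or ["/usr/bin", "/usr/sbin", "/usr/libexec"]:
        for path, bit, who, tier in audit(top):
            print(f"{tier:9} {bit} {who:8} {path}")
```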
