From owner-freebsd-security Mon Apr 20 07:01:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA24831 for freebsd-security-outgoing; Mon, 20 Apr 1998 07:01:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from RWSystems.net (root@rwsystr.RWSystems.net [204.251.23.1]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA24724 for ; Mon, 20 Apr 1998 14:01:06 GMT (envelope-from jwyatt@rwsystr.RWSystems.net) Received: from rwsystr.RWSystems.net by RWSystems.net with smtp (Smail3.1.29.1 #3) id m0yRH30-0001NwC; Mon, 20 Apr 98 08:55 CDT Date: Mon, 20 Apr 1998 08:55:47 -0500 (CDT) From: James Wyatt To: freebsd-security@FreeBSD.ORG cc: fpscha@schapachnik.com.ar, robert+freebsd@cyrus.watson.org, Niall Smart Subject: Re: suid/sgid programs In-Reply-To: <199804191452.PAA00588@indigo.ie> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id OAA24749 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk On Sun, 19 Apr 1998, Niall Smart wrote: > On Apr 19, 12:26am, "Fernando P. Schapachnik" wrote: > } Subject: Re: suid/sgid programs > > En un mensaje anterior Robert Watson escribi˘: > > [...] > > > We note also that a fairly large chunk of suid/sgid programs are UUCP > > > programs -- something that a majority of FreeBSD users (I would guess?) do > > > not use. In terms of reducing risk, disabling suid/sgid on these programs > > Don't be so sure. FreeBSD boxes are an excellent choice for UUCP servers. > > Actually I have a few running (and planning to install more). > I think the point he was making was that most users don't use UUCP, and > therefore we shouldn't be shipping UUCP related utilities with set[ug]id > bits. Presumably if you can configure UUCP you can use chmod. I thought we were after suid/sgid programs that had kernel risks (like suid root or sgid kmem). What does s[ug]id uucp impact outside of the uucp core files? Your inbound/outbound password files might be useful for password hacking or getting free service, but what else? btw: I really dislike the "We can make this stronger by %s and if you don't like it or need it undone, you can %s" arguements. They peel-off useful subsystems and factionalize us. I still use UUCP a lot here in the states for unmetered full-domain email support. Works nicely and lets me remote-admin much cheaper. Thanks - James To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message