Date: Sun, 9 Sep 2001 05:59:03 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Kris Kennaway <kris@obsecurity.org> Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010909055903.A34519@nagual.pp.ru> In-Reply-To: <20010908185415.A5619@xor.obsecurity.org> References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010908185415.A5619@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sat, Sep 08, 2001 at 18:54:15 -0700, Kris Kennaway wrote: > > Yeah, thats probably a good change to make. However the uucp > vulnerability still lets e.g. arbitrary users read/modify uucp spool > data, create files, access the uucp:dialer devices, etc. All you mention is historical old-days uucp subsystem bad 'features', it is not fool proff and require ethic behaviour of its users. To eliminate this things main uucp developers must be contacted, because this things hardly integrated in normal usage flow and can't be deattached easily. I.e. it is not FreeBSD security problem but uucp problem (as designed). All we need is to protect uucp binaries from modifications (via schg). -- Andrey A. Chernov http://ache.pp.ru/ [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBO5rM5+JgpPLZnQjrAQGk7wP+O8XJJZhw/le2xxseELLWnHhRO6clY+o4 +36koQrNRLqq0b0dGOXTu4ARDVC+jCu5qPDH0y1lN58AwJm8Ltp57dR1sShac6sN jbjhAYF7ntRhJXccOSVzRel9v0lueUTNhIcSl+gnSNyPeRi6Mnxlec7S+SPemtaq 0UA4YnSLDSw= =S0J6 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010909055903.A34519>