From owner-freebsd-audit  Sat Sep  8 19: 3:15 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4A7B337B408; Sat,  8 Sep 2001 19:03:09 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id f8921j034731;
	Sun, 9 Sep 2001 06:01:45 +0400 (MSD)
	(envelope-from ache)
Date: Sun, 9 Sep 2001 06:01:44 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Kris Kennaway <kris@obsecurity.org>
Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>,
	Matt Dillon <dillon@earth.backplane.com>,
	Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG,
	audit@FreeBSD.ORG
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID: <20010909060144.B34519@nagual.pp.ru>
References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010909054457.A34319@nagual.pp.ru> <20010908185602.B5619@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="E39vaYmALEf/7YXx"
Content-Disposition: inline
In-Reply-To: <20010908185602.B5619@xor.obsecurity.org>
User-Agent: Mutt/1.3.21i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG


--E39vaYmALEf/7YXx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Sep 08, 2001 at 18:56:02 -0700, Kris Kennaway wrote:
>=20
> That doesn't protect NFS-mounted systems, and doesn't prevent

Don't have ideas about NFS. Is schg not works there?

> arbitrary users from reading/modifying the UUCP spool files.

It is bad design of UUCP, it is not our problem. Moreover, it can't be
fixed easily without total UUCP redesign. See my prev. message explaining
it more.

--=20
Andrey A. Chernov
http://ache.pp.ru/

--E39vaYmALEf/7YXx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBO5rNiOJgpPLZnQjrAQENHQP7BVdBvd1NFKrGNyo7J9NOaEa0gN+810OI
wj2bUrvGlDD/Q5wJAVwzxzxKcVwLaWEuO/3zGDp8yu3XZQsoHWYH4LdUdbYFmWCn
vWdyKWxMbNBvATPblHt2GSQ/iHLZthMnCzlKPdQlF+d10Wi8Bup09GgRqkQOgolV
+zCwVw7PqbE=
=4hb3
-----END PGP SIGNATURE-----

--E39vaYmALEf/7YXx--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message