Date: Mon, 20 Apr 1998 11:38:56 -0400 (EDT)
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
Message-ID: <199804201538.LAA13125@brain.zeus.leitch.com>
In-Reply-To: Fernando P. Schapachnik's message of "Sun, April 19, 1998 00:26:54 -0300" regarding "Re: suid/sgid programs" id <199804190326.AAA00487@localhost.schapachnik.com.ar>
References: <Pine.BSF.3.96.980418120221.15725B-300000@trojanhorse.pr.watson.org> <199804190326.AAA00487@localhost.schapachnik.com.ar>

[ On Sun, April 19, 1998 at 00:26:54 (-0300), Fernando P. Schapachnik wrote: ]
> Subject: Re: suid/sgid programs
>
> In a previous message Robert Watson wrote:
> [...]
> > We note also that a fairly large chunk of suid/sgid programs are UUCP
> > programs -- something that a majority of FreeBSD users (I would guess?) do
> > not use. In terms of reducing risk, disabling suid/sgid on these programs
>
> Don't be so sure. FreeBSD boxes are an excellent choice for UUCP servers.

Indeed. And they are particularly relevant w.r.t. discussions about
"hardening". Anyone who has ever wanted more explicit control over
remote file transfer and job execution, with good auditing and error
handling and recovery, should consider using UUCP over TCP instead of
the r* suite of tools (or even ssh, which in theory could be used as a
transport for uucp thus providing the best of both worlds).

--
Greg A. Woods

+1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message