From owner-freebsd-security  Mon Apr 20 08:52:02 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA16150
          for freebsd-security-outgoing; Mon, 20 Apr 1998 08:39:27 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gateman.zeus.leitch.com (gateman.zeus.leitch.com [204.187.61.193])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA16045
          for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 15:39:00 GMT
          (envelope-from woods@tap.zeus.leitch.com)
Received: from zeus.leitch.com (tap.zeus.leitch.com [204.187.61.10]) by gateman.zeus.leitch.com (8.8.5/8.7.3/1.0) with ESMTP id LAA17590 for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 11:38:58 -0400 (EDT)
Received: from brain.zeus.leitch.com (brain.zeus.leitch.com [204.187.61.32]) by zeus.leitch.com (8.7.5/8.7.3/1.0) with ESMTP id LAA22377 for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 11:38:57 -0400 (EDT)
Received: (from woods@localhost)
	by brain.zeus.leitch.com (8.8.8/8.8.8) id LAA13125;
	Mon, 20 Apr 1998 11:38:56 -0400 (EDT)
	(envelope-from woods@tap.zeus.leitch.com)
Date: Mon, 20 Apr 1998 11:38:56 -0400 (EDT)
Message-Id: <199804201538.LAA13125@brain.zeus.leitch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
In-Reply-To: Fernando P. Schapachnik's message
	of "Sun, April 19, 1998 00:26:54 -0300"
	regarding "Re: suid/sgid programs"
	id <199804190326.AAA00487@localhost.schapachnik.com.ar>
References: <Pine.BSF.3.96.980418120221.15725B-300000@trojanhorse.pr.watson.org>
	<199804190326.AAA00487@localhost.schapachnik.com.ar>
X-Mailer: VM 6.45 under Emacs 20.2.1
Reply-To: woods@zeus.leitch.com (Greg A. Woods)
Organization: Planix, Inc.; Toronto, Ontario; Canada
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id PAA16062
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

[ On Sun, April 19, 1998 at 00:26:54 (-0300), Fernando P. Schapachnik wrote: ]
> Subject: Re: suid/sgid programs
>
> En un mensaje anterior Robert Watson escribi˘:
> [...]
> > We note also that a fairly large chunk of suid/sgid programs are UUCP
> > programs -- something that a majority of FreeBSD users (I would guess?) do
> > not use.  In terms of reducing risk, disabling suid/sgid on these programs
> 
> Don't be so sure. FreeBSD boxes are an excellent choice for UUCP servers. 

Indeed.

And they are particularly relevant w.r.t. discussions about
"hardening".  Anyone who has ever wanted more explicit control over
remote file transfer and job execution, with good auditing and error
handling and recovery, should consider using UUCP over TCP instead of
the r* suite of tools (or even ssh, which in theory could be used as a
transport for uucp thus providing the best of both worlds).

-- 
							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message