From owner-freebsd-security Mon Apr 20 08:52:02 1998
Date: Mon, 20 Apr 1998 11:38:56 -0400 (EDT)
Message-Id: <199804201538.LAA13125@brain.zeus.leitch.com>
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
In-Reply-To: Fernando P. Schapachnik's message of "Sun, April 19, 1998 00:26:54 -0300" regarding "Re: suid/sgid programs" id <199804190326.AAA00487@localhost.schapachnik.com.ar>
References: <199804190326.AAA00487@localhost.schapachnik.com.ar>
Reply-To: woods@zeus.leitch.com (Greg A. Woods)
Organization: Planix, Inc.; Toronto, Ontario; Canada
Sender: owner-freebsd-security@FreeBSD.ORG

[ On Sun, April 19, 1998 at 00:26:54 (-0300), Fernando P. Schapachnik wrote: ]
> Subject: Re: suid/sgid programs
>
> In a previous message Robert Watson wrote:
> [...]
> > We note also that a fairly large chunk of suid/sgid programs are UUCP
> > programs -- something that a majority of FreeBSD users (I would guess?) do
> > not use. In terms of reducing risk, disabling suid/sgid on these programs
>
> Don't be so sure. FreeBSD boxes are an excellent choice for UUCP servers.

Indeed. And they are particularly relevant w.r.t. discussions about
"hardening".

Anyone who has ever wanted more explicit control over remote file
transfer and job execution, with good auditing and error handling and
recovery, should consider using UUCP over TCP instead of the r* suite of
tools (or even ssh, which in theory could be used as a transport for
uucp thus providing the best of both worlds).

-- 
Greg A. Woods

+1 416 443-1734 VE3TCP Planix, Inc. ; Secrets of the Weird