Date: Sun, 9 Sep 2001 06:16:01 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Kris Kennaway <kris@obsecurity.org> Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010909061601.A34828@nagual.pp.ru> In-Reply-To: <20010908190700.A5881@xor.obsecurity.org> References: <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010908185415.A5619@xor.obsecurity.org> <20010909055903.A34519@nagual.pp.ru> <20010908190700.A5881@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 08, 2001 at 19:07:00 -0700, Kris Kennaway wrote: > > I.e. it is not FreeBSD security problem but uucp problem (as designed). > > All we need is to protect uucp binaries from modifications (via schg). >=20 > Hmm. These flaws in the UUCP suite need to be documented, then. The are documented (read docs :-) not as 'flaws' but as normal functionality. By specifying the same system as anybody else you can easily create havoc there, but UUCP assume that it is 'never happens' or handled by system admin reactions. Users that have uucp access treated as one team, not enemies. > I think it's finally time to make UUCP into a port: I'll work on that > later tonight. Maybe. It is rarely enough used nowdays to deserve that. --=20 Andrey A. Chernov http://ache.pp.ru/ --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBO5rQ4eJgpPLZnQjrAQGnpQQA3YL/ntWxnFyDfMSfibmHcLsuYwlrxfg/ 6Xg+9cVgPa6Ws1ZRTuU+gwOz0wT9hutSR62JvZ26rlI4rG+in1HPIuPrbuBkRMj/ bZEj5bQ1/6KAAx1gihXkCFfcpNX8b/Uijczz7jhNZxlHbjb3FBfa5zmk46WHaUj/ 5KnvVcXkTxY= =bgyD -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010909061601.A34828>