From owner-freebsd-audit  Sat Sep  8 19:17:34 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id EEDA037B403; Sat,  8 Sep 2001 19:17:26 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id f892G2M34965;
	Sun, 9 Sep 2001 06:16:03 +0400 (MSD)
	(envelope-from ache)
Date: Sun, 9 Sep 2001 06:16:01 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Kris Kennaway <kris@obsecurity.org>
Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>,
	Matt Dillon <dillon@earth.backplane.com>,
	Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG,
	audit@FreeBSD.ORG
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID: <20010909061601.A34828@nagual.pp.ru>
References: <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010908185415.A5619@xor.obsecurity.org> <20010909055903.A34519@nagual.pp.ru> <20010908190700.A5881@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
In-Reply-To: <20010908190700.A5881@xor.obsecurity.org>
User-Agent: Mutt/1.3.21i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Sep 08, 2001 at 19:07:00 -0700, Kris Kennaway wrote:
> > I.e. it is not FreeBSD security problem but uucp problem (as designed).
> > All we need is to protect uucp binaries from modifications (via schg).
>=20
> Hmm.  These flaws in the UUCP suite need to be documented, then.

The are documented (read docs :-) not as 'flaws' but as normal
functionality. By specifying the same system as anybody else you can
easily create havoc there, but UUCP assume that it is 'never happens' or
handled by system admin reactions. Users that have uucp access treated as
one team, not enemies.

> I think it's finally time to make UUCP into a port: I'll work on that
> later tonight.

Maybe. It is rarely enough used nowdays to deserve that.

--=20
Andrey A. Chernov
http://ache.pp.ru/

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBO5rQ4eJgpPLZnQjrAQGnpQQA3YL/ntWxnFyDfMSfibmHcLsuYwlrxfg/
6Xg+9cVgPa6Ws1ZRTuU+gwOz0wT9hutSR62JvZ26rlI4rG+in1HPIuPrbuBkRMj/
bZEj5bQ1/6KAAx1gihXkCFfcpNX8b/Uijczz7jhNZxlHbjb3FBfa5zmk46WHaUj/
5KnvVcXkTxY=
=bgyD
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message