From owner-freebsd-security Thu Oct 11 6: 9:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86]) by hub.freebsd.org (Postfix) with ESMTP id 218C737B408 for ; Thu, 11 Oct 2001 06:08:59 -0700 (PDT) Received: (from eugen@localhost) by D00015.dialonly.kemerovo.su (8.11.6/8.11.4) id f9BD7kv00781; Thu, 11 Oct 2001 21:07:46 +0800 (KRAST) (envelope-from eugen) Date: Thu, 11 Oct 2001 21:07:46 +0800 From: Eugene Grosbein To: Max Khon Cc: security@FreeBSD.ORG Subject: Re: [security-advisories@FreeBSD.ORG: FreeBSD Security Advisory FreeBSD-SA-01:62.uucp] Message-ID: <20011011210746.A743@grosbein.pp.ru> References: <20011011194407.A14596@iclub.nsu.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011011194407.A14596@iclub.nsu.ru>; from fjoe@iclub.nsu.ru on Thu, Oct 11, 2001 at 07:44:07PM +0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Oct 11, 2001 at 07:44:07PM +0700, Max Khon wrote: > ============================================================================= > FreeBSD-SA-01:62 Security Advisory > FreeBSD, Inc. > > Topic: UUCP allows local root exploit > > [...] > > any objections if I commit this to RELENG_3? > > proposed patch attached > > /fjoe > --- gnu/libexec/uucp/cu/Makefile.orig Sun Aug 29 22:29:20 1999 > +++ gnu/libexec/uucp/cu/Makefile Tue Oct 9 10:12:37 2001 > @@ -12,6 +12,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uucp/Makefile.orig Sun Aug 29 22:30:38 1999 > +++ gnu/libexec/uucp/uucp/Makefile Tue Oct 9 10:12:37 2001 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uuname/Makefile.orig Sun Aug 29 22:30:42 1999 > +++ gnu/libexec/uucp/uuname/Makefile Tue Oct 9 10:12:37 2001 > @@ -11,7 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > - > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uustat/Makefile.orig Sun Aug 29 22:30:49 1999 > +++ gnu/libexec/uucp/uustat/Makefile Tue Oct 9 10:12:37 2001 > @@ -13,6 +13,7 @@ > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DOWNER=\"$(owner)\"\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uux/Makefile.orig Sun Aug 29 22:30:54 1999 > +++ gnu/libexec/uucp/uux/Makefile Tue Oct 9 10:12:37 2001 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- etc/periodic/daily/410.status-uucp.orig Tue Oct 9 10:09:11 2001 > +++ etc/periodic/daily/410.status-uucp Tue Oct 9 10:12:11 2001 > @@ -8,4 +8,5 @@ > echo "UUCP status:" > > - uustat -a > + (echo "/usr/bin/uustat -a" | su -fm uucp ) This line must be changed to + echo "/usr/bin/uustat -a" | su -fm uucp e.g ()'s must be omitted. > fi > --- usr.bin/tip/tip/Makefile.orig Mon Sep 21 16:41:35 1998 > +++ usr.bin/tip/tip/Makefile Tue Oct 9 10:12:37 2001 > @@ -21,6 +21,7 @@ > MAN5= modems.5 > SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \ > remote.c tip.c tipout.c value.c vars.c > +INSTALLFLAGS+= -fschg > > BINDIR?= /usr/bin > BINOWN= uucp Eugene To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message