Date: Mon, 6 Jul 1998 03:18:20 +1000 (EST) From: Nicholas Charles Brawn <ncb05@uow.edu.au> To: Jay Tribick <netadmin@fastnet.co.uk> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Increasing security by decreasing installed programs Message-ID: <Pine.SOL.3.96.980706031242.20042B-100000@banshee.cs.uow.edu.au> In-Reply-To: <Pine.BSF.3.96.980704122943.263K-100000@smack.my.bitch.up.fast.net.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 4 Jul 1998, Jay Tribick wrote: > > Hi all.. > > I think we all need to look closely at the default-installed > suid/sgid programs. Why, by default, does FreeBSD install uucp*? > There's not /that/ many people who use it and it would be much > better as an optional components, especially as it runs suid/sgid. > > Why not make the installation program let you select defaultly > installed suid binaries individually (instead of just selecting > the basic distribution, let us go one level down and select > individual basic packages)? > > Regards, > > Jay Tribick <netadmin@fastnet.co.uk> > > [| Network Administrator | FastNet International | http://fast.net.uk/ |] > [| PGPv5 RSA Key Available [2047bit] | Finger netadmin@fastnet.co.uk |] > [| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |] > [| ----={ PGPv5 Fingerprint := FA690E7762F0E62F38C6052CC387FFF3 }=---- |] > Robert Watson's site - http://www.watson.org/fbsd-hardening/ covers (or at least discusses this issue). However, I am in agreement with you that there should be some sort of option to limit installation of default setuid and setgid programs during installation of a new freebsd system. Perhaps some sort of "security" option that one could run after the installation that would alert you about all setuid/setgid files and devices, and allow you to remove priveledges and increase or modify default security settings? Just my $0.02 :) Nick -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A "When in doubt, ask someone wiser than yourself..." -unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.96.980706031242.20042B-100000>