From owner-freebsd-security  Sun Sep  9  1:37: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP id D4E3037B403
	for <security@FreeBSD.ORG>; Sun,  9 Sep 2001 01:36:57 -0700 (PDT)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.6/8.11.2) id f898atk32035;
	Sun, 9 Sep 2001 01:36:55 -0700 (PDT)
	(envelope-from dillon)
Date: Sun, 9 Sep 2001 01:36:55 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200109090836.f898atk32035@earth.backplane.com>
To: Bruce Evans <bde@zeta.org.au>
Cc: Mike Tancsa <mike@sentex.net>, <security@FreeBSD.ORG>
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
References:  <20010909174638.Q3607-100000@alphplex.bde.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

:I don't see how schg'ing these binaries makes them significantly more
:secure.  These binaries are not writable by uucp.  They are writable
:by root, but root can just as easily un-schg them as write them.
:

    Huh?  The binaries are owned by user uucp, so they are writable by
    user uucp.

    su - uucp
    cd /usr/bin
    chmod 755 uucp
    vi uucp
    (have fun)
    chmod 4555 uucp

						-Matt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message