From owner-freebsd-security Wed Nov 3 14:57: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from shell.monmouth.com (shell.monmouth.com [205.231.236.9]) by hub.freebsd.org (Postfix) with ESMTP id ABD2915550 for ; Wed, 3 Nov 1999 14:56:59 -0800 (PST) (envelope-from pechter@pechter.dyndns.org) Received: from pechter.dyndns.org (bg-tc-ppp818.monmouth.com [209.191.53.194]) by shell.monmouth.com (8.9.3/8.9.3) with ESMTP id RAA28915; Wed, 3 Nov 1999 17:54:53 -0500 (EST) Received: (from pechter@localhost) by pechter.dyndns.org (8.9.3/8.9.3) id RAA07926; Wed, 3 Nov 1999 17:56:23 -0500 (EST) (envelope-from pechter) From: Bill Pechter Message-Id: <199911032256.RAA07926@pechter.dyndns.org> Subject: My 2 cents on uustat In-Reply-To: from Robert Watson at "Nov 3, 1999 12:29:38 pm" To: robert+freebsd@cyrus.watson.org Date: Wed, 3 Nov 1999 17:56:21 -0500 (EST) Cc: freebsd-security@freebsd.org Reply-To: bpechter@shell.monmouth.com X-Phone-Number: 908-389-3592 X-OS-Type: FreeBSD 4.0-CURRENT X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Hmm. Well, the old security hole in the sandbox that I reported, that root > ran uustat each day, has now been fixed (at least, in 3.3 it has been). > However, I don't like that /usr/bin/uustat is still owned by UUCP, and > appears in the default path for root and others. Really, if a binary is > not owned by a privileged account, it should not be in the default system > path, rather in some obscure subdirectory where a user has to > intentionally go find it, in my opinion. :-) > > > Robert N M Watson > I hate to argue this one, but I'm probably one of the last UUCP proponants... So... uustat is supposed to be a user level program, run to check whether your file tranfer is still in progress, queued. It also allows you to cancel your pending transfer. From the SunOS 4.1.x manual... uustat displays the status of, or cancels, previously speci- fied uucp(1C) commands. It also reports the status of uucp connections to other systems. When no options are given, uustat displays the status of all uucp requests issued by the current user. This looks like a program that should be a user level program in the user's normal path (unless UUCP is not installed). Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message