From owner-freebsd-arch Sat Sep 8 22:37:27 2001 Delivered-To: freebsd-arch@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-54.dsl.lsan03.pacbell.net [63.207.60.54]) by hub.freebsd.org (Postfix) with ESMTP id 8D79C37B401 for ; Sat, 8 Sep 2001 22:37:23 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 36F6166D0A; Sat, 8 Sep 2001 22:37:23 -0700 (PDT) Date: Sat, 8 Sep 2001 22:37:23 -0700 From: Kris Kennaway To: arch@FreeBSD.org Subject: Moving UUCP to ports Message-ID: <20010908223722.A47449@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi all, I would like to move the UUCP suite from the base system into ports. The UUCP utilities have a security hole which yields user uucp access, which can currently be leverage to obtain root access by trojaning the uucp binaries. This security hole is believed to be basically unfixable due to the design of UUCP: we can limit its impact, but not eliminate it for all users. We can limit the vulnerability on the majority of FreeBSD installations by making the uucp-owned binaries schg, but there are corner cases where these flags cannot be set or have no effect (/usr mounted on a non-FreeBSD NFS server, installworld run onto a remote NFS filesystem, or into a jail, etc), in which case the local root exploit remains. Since UUCP isn't in widespread use today, I'd prefer not to have these vulnerable edge cases in the FreeBSD base system. Given these security issues, I believe this is sufficient reason to compartmentalize UUCP away from the rest of the system, so that it only affects those who need it and accept the risks. Since the cu binary isn't known to have security problems at this time and it's widely considered useful, I propose to leave it in the base system. I recognize that there are a number of people who still use UUCP, which is why I've tried to make the transition process to using a port as painless as possible. Please check out the freebsd-uucp port and provide feedback on any problems. You'll probably want to remove the following files which are duplicated by the port (e.g. the /etc/periodic files will otherwise be executed twice): /usr/bin/uucp /usr/bin/uulog /usr/bin/uuname /usr/bin/uupick /usr/bin/uusched /usr/bin/uustat /usr/bin/uuto /usr/bin/uux /etc/periodic/daily/340.uucp /etc/periodic/daily/410.status-uucp /etc/periodic/weekly/300.uucp /etc/uucp/call.sample /etc/uucp/config.sample /etc/uucp/dial.sample /etc/uucp/dialcode.sample /etc/uucp/passwd.sample /etc/uucp/port.sample /etc/uucp/sys1.sample /etc/uucp/sys2.sample /usr/share/info/uucp.info.gz /usr/libexec/uucp/uucico /usr/libexec/uucp/uuxqt /usr/sbin/uuchk /usr/sbin/uuconv Kris P.S. Please at least try using the port before you send flames :) --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mwASWry0BWjoQKURArySAJ4ilISoYpyfPgpsEBJFoJvTW7f0zACfTSIA 9PLYNMoX3YR2SkKAVAZRb+c= =2eK5 -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message