Date: Tue, 5 Aug 2003 16:57:23 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: security@freebsd.org Subject: Re: killing UUCP Message-ID: <20030805164850.C6218@fubar.adept.org> In-Reply-To: <20030805213206.60517.qmail@web10104.mail.yahoo.com> References: <20030805213206.60517.qmail@web10104.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 5 Aug 2003, twig les wrote: > Aside from the SUID/SGID stuff that pops up via my finds, I > simply see no reason to have any UUCP stuff on these boxes. Is > this stuff simply around because it is legacy and turned off so > it's a low priority? i may just be thinking of another case, or not thinking at all... but i recall buildworld issues if certain users weren't in the password file. (granted, this memory is coming from 2-3 years ago.) as a result, i've always just removed the SUID/SGID bits and pointed the uucp user's shell to nologin. i would also clean uucppublic, in particular, as it can create a local DoS of sorts... providing a world-writable place for local users to fill /var (bad if your logs go there too). however, now that make.conf has, #NOUUCP= true # do not build uucp related programs you may be able to define that and do away with the user all together. someone else can confirm (i've built with NOUUCP=true, but i have not tried deleting the uucp user.) -mrh -- From: "Spam Catcher" <spam-catcher@adept.org> To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030805164850.C6218>