From owner-freebsd-security@FreeBSD.ORG Tue Aug 5 16:57:24 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C2A637B401 for ; Tue, 5 Aug 2003 16:57:24 -0700 (PDT) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id F197E43F75 for ; Tue, 5 Aug 2003 16:57:23 -0700 (PDT) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id E5CFB15256; Tue, 5 Aug 2003 16:57:23 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id E36D71524D for ; Tue, 5 Aug 2003 16:57:23 -0700 (PDT) Date: Tue, 5 Aug 2003 16:57:23 -0700 (PDT) From: Mike Hoskins To: security@freebsd.org In-Reply-To: <20030805213206.60517.qmail@web10104.mail.yahoo.com> Message-ID: <20030805164850.C6218@fubar.adept.org> References: <20030805213206.60517.qmail@web10104.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: killing UUCP X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2003 23:57:24 -0000 On Tue, 5 Aug 2003, twig les wrote: > Aside from the SUID/SGID stuff that pops up via my finds, I > simply see no reason to have any UUCP stuff on these boxes. Is > this stuff simply around because it is legacy and turned off so > it's a low priority? i may just be thinking of another case, or not thinking at all... but i recall buildworld issues if certain users weren't in the password file. (granted, this memory is coming from 2-3 years ago.) as a result, i've always just removed the SUID/SGID bits and pointed the uucp user's shell to nologin. i would also clean uucppublic, in particular, as it can create a local DoS of sorts... providing a world-writable place for local users to fill /var (bad if your logs go there too). however, now that make.conf has, #NOUUCP= true # do not build uucp related programs you may be able to define that and do away with the user all together. someone else can confirm (i've built with NOUUCP=true, but i have not tried deleting the uucp user.) -mrh -- From: "Spam Catcher" To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist!