Date: Fri, 08 Jun 2001 13:14:52 -0600 From: Lyndon Nerenberg <lyndon@orthanc.ab.ca> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: Peter Pentchev <roam@orbitel.bg>, freebsd-security@FreeBSD.ORG Subject: /bin/rmail (was: root & toor) Message-ID: <200106081914.f58JEq556483@orthanc.ab.ca> In-Reply-To: Your message of "Fri, 08 Jun 2001 10:46:00 EDT." <200106081446.KAA36576@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Garrett" == Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes: Garrett> Unfortunately, as with /etc/rmt, it is part of a protocol Garrett> the client implementations of which we do not control. That's not true. The convention for executing rmail has always[1] been 'uux system!rmail'. It's up to the remote uuxqt to decide what path it's going to use when searching for executables. In FreeBSD, uuxqt searches in /bin, /usr/bin, /usr/local/bin by default. So, moving rmail into /usr/bin won't break the traditional uuxqt execution environment. The only other issue is local execution of /bin/rmail by programs other than uuxqt. A grep through the source tree doesn't show any other program invoking rmail. And I would argue that rmail shouldn't be invoked by anything other than uuxqt. It's presence in /bin is an artifact of there being no concept of libexec directories when UUCP was invented. In fact, I would go so far as to say we should create /usr/libexec/uuxqt/, move rmail into it, and prepend /usr/libexec/uuxqt to the default uuxqt execution search path. --lyndon [1] Well, it's been this way for the 17 years I've been using UUCP. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106081914.f58JEq556483>