From owner-freebsd-security  Thu Dec 16 13:26:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shell.futuresouth.com (shell.futuresouth.com [198.78.58.28])
	by hub.freebsd.org (Postfix) with ESMTP id B727914FCD
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Dec 1999 13:26:51 -0800 (PST)
	(envelope-from tim@futuresouth.com)
Received: (from tim@localhost)
	by shell.futuresouth.com (8.9.3/8.9.3) id PAA21723;
	Thu, 16 Dec 1999 15:25:49 -0600 (CST)
Date: Thu, 16 Dec 1999 15:25:49 -0600
From: Tim Tsai <tim@futuresouth.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd)
Message-ID: <19991216152548.A21327@futuresouth.com>
References: <14425.12637.308602.637788@anarcat.dyndns.org> <Pine.BSF.3.96.991216135055.26813G-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <Pine.BSF.3.96.991216135055.26813G-100000@fledge.watson.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> HAS_MISC_SET_ID= {yes,no}
> HAS_ROOT_SETUID= {yes,no}

How about just:

HAS_SETUID = {no, user[s]}

example:

HAS_SETUID = root
HAS_SETUID = no
HAS_SETUID = dialer uucp
HAS_SETUID = games

personally I'd also like to see a flag with Make for ports that forces
installation of SETUID programs but by default rejects installation of
SETUID programs.

Tim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message