Date: Tue, 29 Jul 1997 08:50:07 -0400 (EDT)
From: Adam Shostack <adam@homeport.org>
To: robert+freebsd@cyrus.watson.org
Cc: adam@homeport.org, vince@mail.MCESTATE.COM, security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
Message-ID: <199707291250.IAA12447@homeport.org>
In-Reply-To: <Pine.BSF.3.95q.970728164656.3342K-100000@cyrus.watson.org> from Robert Watson at "Jul 28, 97 04:55:19 pm"

Robert Watson wrote:
| On Mon, 28 Jul 1997, Adam Shostack wrote:
|
| > Vincent Poy wrote:
| >
| > su really should be setuid. Everything else is debatable. My
| > advice is to turn off all setuid bits except those you know you need
| > (possibly w, who, ps, ping, at, passwd)

| Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc)
| require root access to delivery to local mailboxes; crontab related stuff,
| terminal locking, some kerberos commands, local XWindows servers, and su
| all rely on suid.

I know no one who still runs uucp. There are a few holdouts,
but most systems can leave uucp off with no pain. Ditto with
kerberos. :)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
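
The audit that the "turn off all setuid bits except those you know you need" advice implies, as an added example that is not part of the original message: it lists setuid files whose names are not on an allowlist and can clear the bit on them. The function names and the choice to match on basename are assumptions; the allowlist is su plus the "possibly" list quoted above.

```sh
#!/bin/sh
# Added example: audit setuid files against an allowlist of known-needed names.
# ALLOWED is taken from the thread (su plus the "possibly" list); adjust per host.
# Matching on basename is an assumption made for brevity: a stricter audit
# would allowlist full paths so that a stray file named "su" is still reported.
ALLOWED="su w who ps ping at passwd"

# Print, sorted, every setuid regular file under $1 whose basename is not
# in ALLOWED. Read-only: changes nothing on disk.
unexpected_setuid() {
    # -xdev stays on one filesystem; -perm -4000 means "setuid bit is set".
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r path; do
        name=${path##*/}
        case " $ALLOWED " in
            *" $name "*) ;;                 # known-needed, leave alone
            *) printf '%s\n' "$path" ;;     # candidate for chmod u-s
        esac
    done | sort
}

# Clear the setuid bit on every file reported by unexpected_setuid.
# Mail delivery, crontab, terminal locking and X servers may stop working
# if they are not on the allowlist, so review the report before running this.
strip_setuid() {
    unexpected_setuid "$1" | while IFS= read -r path; do
        chmod u-s "$path" && printf 'cleared setuid: %s\n' "$path"
    done
}

# Report-only by default when run as a script: sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    unexpected_setuid "$1"
fi
```

Run it report-only first and add the programs the host really depends on (Robert Watson's reply names several) to `ALLOWED` before calling `strip_setuid`.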