From owner-freebsd-security Mon Sep 30 18:24:01 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id SAA21524 for security-outgoing; Mon, 30 Sep 1996 18:24:01 -0700 (PDT)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA21441 for ;
    Mon, 30 Sep 1996 18:23:55 -0700 (PDT)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3)
    with UUCP id TAA06864; Mon, 30 Sep 1996 19:23:38 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3)
    with SMTP id SAA25108; Mon, 30 Sep 1996 18:38:48 -0600 (MDT)
Date: Mon, 30 Sep 1996 18:38:47 -0600 (MDT)
From: Marc Slemko
X-Sender: marcs@alive.ampr.ab.ca
To: Steve Reid
cc: freebsd-security@FreeBSD.ORG
Subject: Re: setuid programs in freebsd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Good suggestion. I am tossing about the idea of doing so, but there gets
to be more involved than you may think. I don't think it would be a
script if I wrote it, but probably a pretty full screen utility similar
to sysinstall in interface.

The first step I'm working on is getting the information and getting it
accurate and complete. Until I know the information is accurate I'm not
going to worry about making it easy to use.

At the very least, it needs a good explanation about chflags and chmod.

On Mon, 30 Sep 1996, Steve Reid wrote:

> > Below is the start of a document I am putting together about various
> > setuid programs in FreeBSD with the intent of giving users a chance to
> > disable what they don't need.
> [snip]
>
> This is a very good idea. Other people have posted about what they've
> removed the suid bit from, but not with such detailed information.
>
> How about turning this into a script for convenience? It could go through
> all of the suid programs, display the relevant info from your document,
> and ask how the modes should be set. Much faster and easier than manually
> going through all of the files and typing the necessary chflags and chmod
> commands by hand.
>
>
> =====================================================================
> | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
> | Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
> | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
> | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --                   |
> ===================================================================:)
>