From owner-freebsd-security Tue Jul 29 13:40:00 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id NAA11385 for security-outgoing; Tue, 29 Jul 1997 13:40:00 -0700 (PDT)
Received: from verdi.nethelp.no (verdi.nethelp.no [195.1.171.130]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id NAA11380 for ; Tue, 29 Jul 1997 13:39:55 -0700 (PDT)
From: sthaug@nethelp.no
Received: (qmail 4204 invoked by uid 1001); 29 Jul 1997 20:39:45 +0000 (GMT)
To: pechter@lakewood.com
Cc: adam@homeport.org, freebsd-security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
In-Reply-To: Your message of "Tue, 29 Jul 1997 15:30:10 -0400 (EDT)"
References: <199707291930.PAA12852@i4got.lakewood.com>
X-Mailer: Mew version 1.05+ on Emacs 19.28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Tue, 29 Jul 1997 22:39:45 +0200
Message-ID: <4202.870208785@verdi.nethelp.no>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I brought this one back to freebsd-security to see if I'm the only one that
> has a problem with removing suid from uucp or removing uucp from the base
> distribution -- ...
> It may be I'm just having a bad day -- but I think:
>
> The day FreeBSD stops including stuff like UUCP in the base system is the
> day I find another (NetBSD/OpenBSD/Linux) OS.
>
> I like the fact it is ALL of Unix. Put a package together that will
> shut down the SUID stuff -- keep this out of the standard distribution.
>
> Most linux admins have never seen Cops/Tripwire/TCP Wrappers. If you're
> allowing others to connect to your machine you need to determine the amount
> of risk you are willing to allow and work to decide how to protect yourself.
> Inherent with connectivity is risk. Inherent with protection is knowing
> that NO machine is automatically secure out of the box.
>
> I worked with a number of commercial Unix systems running C2 and B2 security
> and they all came in an unsecure manner and you turned on the audit and
> security features used to bring them to a more secure level.

There's unsecure and there's unsecure. SunOS 5.5.1 is more secure than
SunOS 4.1.4 out of the box. I've heard some people complain, but most
admins seem to like it.

I like the FreeBSD distributions - but I would be much happier if there
was an easy way to make a system more secure. For instance a document
which told you:

- These files are only necessary if you need functionality X (uucp is an
  example here). If you don't need functionality X, they can be safely
  removed.

- These files have setuid (setgid) for such and such a reason. If you
  don't need that functionality, the setuid (setgid) bit can be removed.
  (eg. the setuid bit on /usr/bin/login - only needed if you want to
  login to another user without logging out first.)

- Here's what you need to set up a reasonable changeroot environment.

If such a document was accompanied by scripts to help you do the job,
even better.

Yes, I'm willing to help to create such a document.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no