Date: Tue, 29 Jul 1997 19:29:49 -0500 (CDT) From: "Jay D. Nelson" <jdn@qiv.com> To: Adam Shostack <adam@homeport.org> Cc: robert+freebsd@cyrus.watson.org, vince@mail.MCESTATE.COM, security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.96.970729191405.558A-100000@acp.qiv.com> In-Reply-To: <199707291250.IAA12447@homeport.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry -- I guess I'm old fart hold outs. I use uucp and many of my clients use uucp. From what I see, UUCP use is growing even though these machines never show up in the maps. I think uucp will grow even more. Perhaps the best approach, if you really want to take it out of the standard distribution, is to make it an option at install time. Those that don't know what it is won't install it anyway. Idiots will blow their feet of no matter how hard you try to protect them. All you will accomplish, if you take it out of the distribution, is force the idiots to use rm * instead and force me to go to MIT to get and install UUCP. -- Jay On Tue, 29 Jul 1997, Adam Shostack wrote: ->Robert Watson wrote: ->| On Mon, 28 Jul 1997, Adam Shostack wrote: ->| ->| > Vincent Poy wrote: ->| > ->| > su really should be setuid. Everything else is debatable. My ->| > advice is to turn off all setuid bits except those you know you need ->| > (possibly w, who, ps, ping, at, passwd) -> ->| Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc) ->| require root access to delivery to local mailboxes; crontab related stuff, ->| terminal locking, some kerberos commands, local XWindows servers, and su ->| all rely on suid. -> ->I know no one who still runs uucp. There are a few holdouts, but most ->systems can leave uucp off with no pain. Ditto with kerberos. :) -> ->Adam -> ->-- ->"It is seldom that liberty of any kind is lost all at once." -> -Hume -> ->
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970729191405.558A-100000>