Date: Tue, 29 Jul 1997 21:06:39 -0400 (EDT) From: Adam Shostack <adam@homeport.org> To: jdn@qiv.com (Jay D. Nelson) Cc: adam@homeport.org, robert+freebsd@cyrus.watson.org, vince@mail.MCESTATE.COM, security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <199707300106.VAA16708@homeport.org> In-Reply-To: <Pine.BSF.3.96.970729191405.558A-100000@acp.qiv.com> from "Jay D. Nelson" at "Jul 29, 97 07:29:49 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Let me be clear; I don't have anything against UUCP users, but most people don't need it turned on. Since its parts of it are setuid, (and thus potential security holes) I think its a reasonable to suggest that it ship either not setuid or as an install option. Yes idiots will hurt themselves. Should we try to make FreeBSD reasonably secure? I think so. I think a good metric to use is don't install uncommon services by default, require some action to turn them on. Adam Jay D. Nelson wrote: | Sorry -- I guess I'm old fart hold outs. I use uucp and many of my clients | use uucp. From what I see, UUCP use is growing even though these machines | never show up in the maps. I think uucp will grow even more. | | Perhaps the best approach, if you really want to take it out of the | standard distribution, is to make it an option at install time. Those that | don't know what it is won't install it anyway. | | Idiots will blow their feet of no matter how hard you try to protect them. | All you will accomplish, if you take it out of the distribution, is | force the idiots to use rm * instead and force me to go to MIT to get | and install UUCP. | | -- Jay | | On Tue, 29 Jul 1997, Adam Shostack wrote: | | ->Robert Watson wrote: | ->| On Mon, 28 Jul 1997, Adam Shostack wrote: | ->| | ->| > Vincent Poy wrote: | ->| > | ->| > su really should be setuid. Everything else is debatable. My | ->| > advice is to turn off all setuid bits except those you know you need | ->| > (possibly w, who, ps, ping, at, passwd) | -> | ->| Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc) | ->| require root access to delivery to local mailboxes; crontab related stuff, | ->| terminal locking, some kerberos commands, local XWindows servers, and su | ->| all rely on suid. | -> | ->I know no one who still runs uucp. There are a few holdouts, but most | ->systems can leave uucp off with no pain. Ditto with kerberos. :) -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707300106.VAA16708>