From owner-freebsd-security Sat Sep 8 15:46:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-54.dsl.lsan03.pacbell.net [63.207.60.54]) by hub.freebsd.org (Postfix) with ESMTP id 5779737B401; Sat, 8 Sep 2001 15:46:18 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id E12F266D0A; Sat, 8 Sep 2001 15:46:17 -0700 (PDT) Date: Sat, 8 Sep 2001 15:46:17 -0700 From: Kris Kennaway To: Matt Dillon Cc: Jordan Hubbard , security@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010908154617.A73143@xor.obsecurity.org> References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="tKW2IUtsqtDRztdT" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200109082103.f88L3fK29117@earth.backplane.com>; from dillon@earth.backplane.com on Sat, Sep 08, 2001 at 02:03:41PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --tKW2IUtsqtDRztdT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 08, 2001 at 02:03:41PM -0700, Matt Dillon wrote: > Jordan, I would like to commit this to -stable for the release, > if it isn't too late. (and -current as well). This doesn't address > the config file problems with uucp but it will prevent the root > exploit. It also prevents 'tip' from being exploited. >=20 > -Matt [...] > +INSTALLFLAGS+=3D -fschg As I understand it, the only reason these things are setuid uucp is for the purpose of creating lockfiles. What may be a better solution is to change them to be setgid uucp: members with privilege of the group of a binary cannot replace it, and this protects NFS installations too. This is the approach we uses for games ports which are probably insecure, but need extra privileges to write score/save files (if someone attacks the binary, they can't replace it or do anything else except modify score/save files) Kris --tKW2IUtsqtDRztdT Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mp+5Wry0BWjoQKURAtvbAKDudl7w60Gkc8rn3Q/TLPJS/h8+RACglX8I gRXugzJUvu7tU7WlLL3nDyw= =T+MC -----END PGP SIGNATURE----- --tKW2IUtsqtDRztdT-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message