Date: Tue, 29 Jul 1997 21:58:24 -0500 (CDT) From: "Jay D. Nelson" <jdn@qiv.com> To: Adam Shostack <adam@homeport.org> Cc: robert+freebsd@cyrus.watson.org, vince@mail.MCESTATE.COM, security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.96.970729205649.772A-100000@acp.qiv.com> In-Reply-To: <199707300106.VAA16708@homeport.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Your point is well taken. That's why I suggested making it an install option very much like DES. I understand the risks with UUCP and, for the most part, tie it down to control access. Not all systems or networks are connected to the internet -- in fact, probably less than 50% are connected. In controlled environments, UUCP, rsh and all the traditional tools are quite useful. A knowledgeable Admin knows what needs to be done. There is no bullet proof system except the one turned off. Why cripple the experienced to protect the inexperienced? The beginners will learn, as we did, as they go along. -- Jay On Tue, 29 Jul 1997, Adam Shostack wrote: -> Let me be clear; I don't have anything against UUCP users, but ->most people don't need it turned on. Since its parts of it are ->setuid, (and thus potential security holes) I think its a reasonable ->to suggest that it ship either not setuid or as an install option. -> -> Yes idiots will hurt themselves. Should we try to make ->FreeBSD reasonably secure? I think so. I think a good metric to use ->is don't install uncommon services by default, require some action to ->turn them on. -> ->Adam -> ->Jay D. Nelson wrote: ->| Sorry -- I guess I'm old fart hold outs. I use uucp and many of my clients ->| use uucp. From what I see, UUCP use is growing even though these machines ->| never show up in the maps. I think uucp will grow even more. ->| ->| Perhaps the best approach, if you really want to take it out of the ->| standard distribution, is to make it an option at install time. Those that ->| don't know what it is won't install it anyway. ->| ->| Idiots will blow their feet of no matter how hard you try to protect them. ->| All you will accomplish, if you take it out of the distribution, is ->| force the idiots to use rm * instead and force me to go to MIT to get ->| and install UUCP. ->| ->| -- Jay ->| ->| On Tue, 29 Jul 1997, Adam Shostack wrote: ->| ->| ->Robert Watson wrote: ->| ->| On Mon, 28 Jul 1997, Adam Shostack wrote: ->| ->| ->| ->| > Vincent Poy wrote: ->| ->| > ->| ->| > su really should be setuid. Everything else is debatable. My ->| ->| > advice is to turn off all setuid bits except those you know you need ->| ->| > (possibly w, who, ps, ping, at, passwd) ->| -> ->| ->| Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc) ->| ->| require root access to delivery to local mailboxes; crontab related stuff, ->| ->| terminal locking, some kerberos commands, local XWindows servers, and su ->| ->| all rely on suid. ->| -> ->| ->I know no one who still runs uucp. There are a few holdouts, but most ->| ->systems can leave uucp off with no pain. Ditto with kerberos. :) -> ->-- ->"It is seldom that liberty of any kind is lost all at once." -> -Hume -> ->
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970729205649.772A-100000>