From owner-freebsd-security Wed Jul 30 05:30:35 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id FAA27664 for security-outgoing; Wed, 30 Jul 1997 05:30:35 -0700 (PDT) Received: from anugpo.anu.edu.au (anugpo.anu.edu.au [150.203.2.6]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA27659 for ; Wed, 30 Jul 1997 05:30:31 -0700 (PDT) Received: from bohm.anu.edu.au (root@bohm.anu.edu.au [150.203.21.88]) by anugpo.anu.edu.au (8.8.5/8.8.5) with SMTP id WAA07750; Wed, 30 Jul 1997 22:30:27 +1000 (EST) Received: from s3080696 by bohm.anu.edu.au (SMI-8.6/SMI-SVR4) id WAA23230; Wed, 30 Jul 1997 22:30:12 +1000 Message-Id: <3.0.32.19970730223202.0070ef8c@student.anu.edu.au> X-Sender: s3080696@student.anu.edu.au X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 30 Jul 1997 22:32:18 +1000 To: Adam Shostack , jdn@qiv.com (Jay D. Nelson) From: James Seng Subject: Re: security hole in FreeBSD Cc: adam@homeport.org, robert+freebsd@cyrus.watson.org, vince@mail.MCESTATE.COM, security@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk At 09:06 PM 7/29/97 -0400, Adam Shostack wrote: > Let me be clear; I don't have anything against UUCP users, but >most people don't need it turned on. Since its parts of it are >setuid, (and thus potential security holes) I think its a reasonable >to suggest that it ship either not setuid or as an install option. I have not heard of any request for the use UUCP from my users nor is my UUCP binaries been used in the last few years...I think the time when lease line is expensive, when university work with 9,600bps (wow) connection and when UUCP rules the earth is over...we have to let it go and look forward. *8) I have nothing against UUCP of cos but it is always nice if we can reduce the base distribution size by letting some of the less often used stuff away. *cheers* -James Seng