Date: Sat, 08 Sep 2001 18:16:52 -0700 From: Jordan Hubbard <jkh@freebsd.org> To: dillon@earth.backplane.com Cc: security@freebsd.org Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010908181652H.jkh@freebsd.org> In-Reply-To: <200109082103.f88L3fK29117@earth.backplane.com> References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmmmm. Stripping the suid bit I can understand, but what's really bought by making it immutable? I'm also truly loath to accept any changes to -stable at this point which don't fix demonstrably critical issues, so unless the security officers can cite evidence that this is a significant security hole, I'm inclined to reject the change. Thanks. - Jordan From: Matt Dillon <dillon@earth.backplane.com> Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Date: Sat, 8 Sep 2001 14:03:41 -0700 (PDT) > Jordan, I would like to commit this to -stable for the release, > if it isn't too late. (and -current as well). This doesn't address > the config file problems with uucp but it will prevent the root > exploit. It also prevents 'tip' from being exploited. > > -Matt > > > Index: usr.bin/tip/tip/Makefile > =================================================================== > RCS file: /home/ncvs/src/usr.bin/tip/tip/Makefile,v > retrieving revision 1.10.6.1 > diff -u -r1.10.6.1 Makefile > --- usr.bin/tip/tip/Makefile 2001/04/25 11:29:42 1.10.6.1 > +++ usr.bin/tip/tip/Makefile 2001/09/08 21:00:03 > @@ -21,11 +21,13 @@ > MAN= tip.1 modems.5 > SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \ > remote.c tip.c tipout.c value.c vars.c > +INSTALLFLAGS+= -fschg > > BINDIR?= /usr/bin > BINOWN= uucp > BINGRP= dialer > #BINMODE?= 4510 > + > > # XXX: there is some concern that `tip' in its current state shouldn't run > # SUID. If it believed it should, the mode above may still no be proper. > Index: gnu/libexec/uucp/cu/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/cu/Makefile,v > retrieving revision 1.8 > diff -u -r1.8 Makefile > --- gnu/libexec/uucp/cu/Makefile 1999/08/27 23:33:06 1.8 > +++ gnu/libexec/uucp/cu/Makefile 2001/09/08 20:57:47 > @@ -12,6 +12,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include <bsd.prog.mk> > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uucp/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uucp/Makefile,v > retrieving revision 1.6 > diff -u -r1.6 Makefile > --- gnu/libexec/uucp/uucp/Makefile 1999/08/27 23:33:55 1.6 > +++ gnu/libexec/uucp/uucp/Makefile 2001/09/08 20:57:57 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include <bsd.prog.mk> > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uuname/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uuname/Makefile,v > retrieving revision 1.5 > diff -u -r1.5 Makefile > --- gnu/libexec/uucp/uuname/Makefile 1999/08/27 23:33:58 1.5 > +++ gnu/libexec/uucp/uuname/Makefile 2001/09/08 20:58:14 > @@ -11,7 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > - > +INSTALLFLAGS+= -fschg > > .include <bsd.prog.mk> > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uustat/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uustat/Makefile,v > retrieving revision 1.5 > diff -u -r1.5 Makefile > --- gnu/libexec/uucp/uustat/Makefile 1999/08/27 23:34:02 1.5 > +++ gnu/libexec/uucp/uustat/Makefile 2001/09/08 20:58:21 > @@ -13,6 +13,7 @@ > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DOWNER=\"$(owner)\"\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include <bsd.prog.mk> > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uux/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uux/Makefile,v > retrieving revision 1.6 > diff -u -r1.6 Makefile > --- gnu/libexec/uucp/uux/Makefile 1999/08/27 23:34:05 1.6 > +++ gnu/libexec/uucp/uux/Makefile 2001/09/08 20:58:25 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include <bsd.prog.mk> > .PATH: $(.CURDIR)/../common_sources To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908181652H.jkh>