From owner-freebsd-security Sat Sep 8 18:17:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 096C837B406 for ; Sat, 8 Sep 2001 18:17:12 -0700 (PDT) Received: from localhost (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.11.6/8.11.6) with ESMTP id f891GqT45013; Sat, 8 Sep 2001 18:16:53 -0700 (PDT) (envelope-from jkh@freebsd.org) To: dillon@earth.backplane.com Cc: security@freebsd.org Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. In-Reply-To: <200109082103.f88L3fK29117@earth.backplane.com> References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> X-Mailer: Mew version 1.94.1 on Emacs 20.7 / Mule 4.0 (HANANOEN) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20010908181652H.jkh@freebsd.org> Date: Sat, 08 Sep 2001 18:16:52 -0700 From: Jordan Hubbard X-Dispatcher: imput version 20000228(IM140) Lines: 118 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hmmmm. Stripping the suid bit I can understand, but what's really bought by making it immutable? I'm also truly loath to accept any changes to -stable at this point which don't fix demonstrably critical issues, so unless the security officers can cite evidence that this is a significant security hole, I'm inclined to reject the change. Thanks. - Jordan From: Matt Dillon Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Date: Sat, 8 Sep 2001 14:03:41 -0700 (PDT) > Jordan, I would like to commit this to -stable for the release, > if it isn't too late. (and -current as well). This doesn't address > the config file problems with uucp but it will prevent the root > exploit. It also prevents 'tip' from being exploited. > > -Matt > > > Index: usr.bin/tip/tip/Makefile > =================================================================== > RCS file: /home/ncvs/src/usr.bin/tip/tip/Makefile,v > retrieving revision 1.10.6.1 > diff -u -r1.10.6.1 Makefile > --- usr.bin/tip/tip/Makefile 2001/04/25 11:29:42 1.10.6.1 > +++ usr.bin/tip/tip/Makefile 2001/09/08 21:00:03 > @@ -21,11 +21,13 @@ > MAN= tip.1 modems.5 > SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \ > remote.c tip.c tipout.c value.c vars.c > +INSTALLFLAGS+= -fschg > > BINDIR?= /usr/bin > BINOWN= uucp > BINGRP= dialer > #BINMODE?= 4510 > + > > # XXX: there is some concern that `tip' in its current state shouldn't run > # SUID. If it believed it should, the mode above may still no be proper. > Index: gnu/libexec/uucp/cu/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/cu/Makefile,v > retrieving revision 1.8 > diff -u -r1.8 Makefile > --- gnu/libexec/uucp/cu/Makefile 1999/08/27 23:33:06 1.8 > +++ gnu/libexec/uucp/cu/Makefile 2001/09/08 20:57:47 > @@ -12,6 +12,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uucp/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uucp/Makefile,v > retrieving revision 1.6 > diff -u -r1.6 Makefile > --- gnu/libexec/uucp/uucp/Makefile 1999/08/27 23:33:55 1.6 > +++ gnu/libexec/uucp/uucp/Makefile 2001/09/08 20:57:57 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uuname/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uuname/Makefile,v > retrieving revision 1.5 > diff -u -r1.5 Makefile > --- gnu/libexec/uucp/uuname/Makefile 1999/08/27 23:33:58 1.5 > +++ gnu/libexec/uucp/uuname/Makefile 2001/09/08 20:58:14 > @@ -11,7 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > - > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uustat/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uustat/Makefile,v > retrieving revision 1.5 > diff -u -r1.5 Makefile > --- gnu/libexec/uucp/uustat/Makefile 1999/08/27 23:34:02 1.5 > +++ gnu/libexec/uucp/uustat/Makefile 2001/09/08 20:58:21 > @@ -13,6 +13,7 @@ > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DOWNER=\"$(owner)\"\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > Index: gnu/libexec/uucp/uux/Makefile > =================================================================== > RCS file: /home/ncvs/src/gnu/libexec/uucp/uux/Makefile,v > retrieving revision 1.6 > diff -u -r1.6 Makefile > --- gnu/libexec/uucp/uux/Makefile 1999/08/27 23:34:05 1.6 > +++ gnu/libexec/uucp/uux/Makefile 2001/09/08 20:58:25 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message