From owner-freebsd-security  Sat Sep  8 18:23:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98])
	by hub.freebsd.org (Postfix) with ESMTP id 2917637B406
	for <security@freebsd.org>; Sat,  8 Sep 2001 18:23:39 -0700 (PDT)
Received: from localhost (jkh@localhost [127.0.0.1])
	by winston.freebsd.org (8.11.6/8.11.6) with ESMTP id f891N4T45061;
	Sat, 8 Sep 2001 18:23:04 -0700 (PDT)
	(envelope-from jkh@freebsd.org)
To: mike@sentex.net
Cc: security@freebsd.org
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
In-Reply-To: <5.1.0.14.0.20010908211920.02949008@192.168.0.12>
References: <200109082103.f88L3fK29117@earth.backplane.com>
	<20010908181652H.jkh@freebsd.org>
	<5.1.0.14.0.20010908211920.02949008@192.168.0.12>
X-Mailer: Mew version 1.94.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20010908182304C.jkh@freebsd.org>
Date: Sat, 08 Sep 2001 18:23:04 -0700
From: Jordan Hubbard <jkh@freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Lines: 21
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I fail to see the cited evidence I'm asking for.  Hand-waving I can
have for free.

- Jordan

From: Mike Tancsa <mike@sentex.net>
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Date: Sat, 08 Sep 2001 21:20:53 -0400

> At 06:16 PM 9/8/2001 -0700, Jordan Hubbard wrote:
> >Hmmmm.  Stripping the suid bit I can understand, but what's really
> >bought by making it immutable?  I'm also truly loath to accept any
> >changes to -stable at this point which don't fix demonstrably critical
> >issues, so unless the security officers can cite evidence that this is
> >a significant security hole, I'm inclined to reject the change.
> >Thanks.
> 
> A local root exploit doesnt cut it ?
> 
>          ---Mike
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message