Date: Sat, 08 Sep 2001 19:53:03 -0600 From: "Todd C. Miller" <Todd.Miller@courtesan.com> To: Kris Kennaway <kris@obsecurity.org> Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <200109090153.f891r4p01038@xerxes.courtesan.com> In-Reply-To: Your message of "Sat, 08 Sep 2001 18:08:48 PDT." <20010908180848.A94567@xor.obsecurity.org> References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010908180848.A94567@xor.obsecurity.org> so spake Kris Kennaway (kris): > The vulnerability involves uucp being made to run arbitrary commands > as the uucp user through specifying a custom configuration file - see > bugtraq. There may be other problems resulting from user-specified > configuration files. I don't have time to go through the code and fix > up the revocation of privileges right now..in the meantime, this > prevents the root exploit where a user replaces a uucp-owned binary > like uustat, which is called daily by /etc/periodic. It's not clear how you would fix revocation of privileges on this since, correctly if I'm wrong, when uucp is run via uux both real and effective uids are set to uucp. As such it is not immediately obvious to me how to really make uucp safe while still allowing user configs but I'm not a UUCP guy :-) - todd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109090153.f891r4p01038>