Date: Sun, 9 Sep 2001 06:04:26 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Kris Kennaway <kris@obsecurity.org> Cc: Jordan Hubbard <jkh@FreeBSD.ORG>, mike@sentex.net, security@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010909060426.C34519@nagual.pp.ru> In-Reply-To: <20010908190103.A5814@xor.obsecurity.org> References: <200109082103.f88L3fK29117@earth.backplane.com> <20010908181652H.jkh@freebsd.org> <5.1.0.14.0.20010908211920.02949008@192.168.0.12> <20010908182304C.jkh@freebsd.org> <20010908190103.A5814@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--c3bfwLpm8qysLVxt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 08, 2001 at 19:01:03 -0700, Kris Kennaway wrote: > uucp binaries in question. uustat is executed by default by root in > /etc/periodic. uustat must be executed by 'su -m uucp' in any case. > There are other consequences of the underlying vulnerability (full > read/write access to the /var/spool/uucp directories, for example), so It can't be fixed without total UUCP redesign, it is their problem, not ours. --=20 Andrey A. Chernov http://ache.pp.ru/ --c3bfwLpm8qysLVxt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBO5rOKuJgpPLZnQjrAQEt0wQA3fAFAPI0doie+Y9ZMBagAIJfwV/H27JP 1HJUP8/sHFQkL5odVAYdin1Z1F/b2lw/L9pwJwibpQTZQjlvEqceIA//ERch/Sdc EO1F7bp2CJfi9LlPKEKgbImCTQcN1Og4OqzbUg3nV4NmEaO+rOnPlGS2LiZXVdOt X6fv5kwnl9U= =Rv4o -----END PGP SIGNATURE----- --c3bfwLpm8qysLVxt-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010909060426.C34519>