Date: Sun, 9 Sep 2001 06:16:01 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Kris Kennaway <kris@obsecurity.org> Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010909061601.A34828@nagual.pp.ru> In-Reply-To: <20010908190700.A5881@xor.obsecurity.org> References: <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010908185415.A5619@xor.obsecurity.org> <20010909055903.A34519@nagual.pp.ru> <20010908190700.A5881@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sat, Sep 08, 2001 at 19:07:00 -0700, Kris Kennaway wrote: > > I.e. it is not FreeBSD security problem but uucp problem (as designed). > > All we need is to protect uucp binaries from modifications (via schg). > > Hmm. These flaws in the UUCP suite need to be documented, then. The are documented (read docs :-) not as 'flaws' but as normal functionality. By specifying the same system as anybody else you can easily create havoc there, but UUCP assume that it is 'never happens' or handled by system admin reactions. Users that have uucp access treated as one team, not enemies. > I think it's finally time to make UUCP into a port: I'll work on that > later tonight. Maybe. It is rarely enough used nowdays to deserve that. -- Andrey A. Chernov http://ache.pp.ru/ [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBO5rQ4eJgpPLZnQjrAQGnpQQA3YL/ntWxnFyDfMSfibmHcLsuYwlrxfg/ 6Xg+9cVgPa6Ws1ZRTuU+gwOz0wT9hutSR62JvZ26rlI4rG+in1HPIuPrbuBkRMj/ bZEj5bQ1/6KAAx1gihXkCFfcpNX8b/Uijczz7jhNZxlHbjb3FBfa5zmk46WHaUj/ 5KnvVcXkTxY= =bgyD -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010909061601.A34828>