From owner-freebsd-security Sat Sep 8 19:44:30 2001
From: Cy Schubert - ITSD Open Systems Group
To: Mike Tancsa
Cc: "Andrey A. Chernov", security@FreeBSD.ORG
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Date: Sat, 08 Sep 2001 19:42:52 -0700

In message <5.1.0.14.0.20010908222654.060f1ea8@192.168.0.12>, Mike Tancsa writes:
> At 06:16 AM 9/9/2001 +0400, Andrey A. Chernov wrote:
> >
> > > I think it's finally time to make UUCP into a port: I'll work on that
> > > later tonight.
> >
> >Maybe. It is rarely enough used nowadays to deserve that.
>
>
> For mail delivery to non permanently connected sites, it's a damn sight
> better than ETRN or pop3. That being said, we have no more than 10
> customers using it still....

How about the following solution? Install the UUCP binaries without the
setuid bit set and ship a script that would enable UUCP (turn on
setuid/setgid bits) for sites that need it. Of course the script would
print an appropriate warning that enabling UUCP could lead to compromise.

Could not a UUCP based mail delivery system run in a jailed environment?
How about fetchmail?

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
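
A sketch of the enable script proposed in the message above, as an added example that is not part of the original message and is not FreeBSD's own code. The function names and the "yes" confirmation argument are assumptions, and the binaries to act on are passed in by the caller because the message does not list them.

```shell
#!/bin/sh
# Added example: opt-in setuid/setgid toggle for binaries that ship without
# the bits set. Function names are hypothetical; no install paths are assumed.

# uucp_status FILE...: print "off", "setuid", "setgid" or "setuid+setgid" per file.
uucp_status() {
    for f in "$@"; do
        state=off
        [ -u "$f" ] && state=setuid
        if [ -g "$f" ]; then
            [ "$state" = setuid ] && state=setuid+setgid || state=setgid
        fi
        printf '%s %s\n' "$state" "$f"
    done
}

# uucp_enable ANSWER FILE...: warn first, then set the bits only if ANSWER is "yes".
uucp_enable() {
    answer=$1; shift
    cat >&2 <<'EOF'
WARNING: enabling UUCP turns on the setuid/setgid bits on its binaries.
A flaw in any of them could then lead to compromise of this system.
EOF
    if [ "$answer" != yes ]; then
        echo "UUCP left disabled." >&2
        return 1
    fi
    # Check every target before changing anything, so a bad list changes nothing.
    for f in "$@"; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "refusing $f: not a regular file" >&2
            return 2
        fi
    done
    chmod ug+s "$@"
}

# uucp_disable FILE...: return the binaries to the shipped, non-setuid state.
uucp_disable() {
    chmod ug-s "$@"
}
```

An administrator would call `uucp_enable` with the answer typed at a prompt and the site's list of UUCP binaries, and can run `uucp_status` over the same list afterwards to audit the result.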