From owner-freebsd-security Sat Sep 8 19:50:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id 0C63E37B40A for ; Sat, 8 Sep 2001 19:50:42 -0700 (PDT) Received: from horsey.gshapiro.net (gshapiro@localhost [127.0.0.1]) by horsey.gshapiro.net (8.12.0/8.12.0) with ESMTP id f892ofIo005656 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sat, 8 Sep 2001 19:50:41 -0700 (PDT) Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.0/8.12.0/Submit) id f892ob1H005653; Sat, 8 Sep 2001 19:50:37 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15258.55549.285245.769691@horsey.gshapiro.net> Date: Sat, 8 Sep 2001 19:50:37 -0700 From: Gregory Neil Shapiro To: security@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. In-Reply-To: <200109090243.f892hID99147@cwsys.cwsent.com> References: <5.1.0.14.0.20010908222654.060f1ea8@192.168.0.12> <200109090243.f892hID99147@cwsys.cwsent.com> X-Mailer: VM 6.95 under 21.5 (beta1) "anise" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Cy.Schubert> How about the following solution? Install the UUCP binaries Cy.Schubert> without the setuid bit set and ship a script that would enable Cy.Schubert> UUCP (turn on setuid/setgid bits) for sites that need it. Of Cy.Schubert> course the script would print an appropriate warning that Cy.Schubert> enabling UUCP could lead to compromise. Also, at the very least, Jordon may approve of this diff for RELENG_4 for 4.4. There is no reason for non-UUCP systems (probably most of them out there) to run these anyway. Index: periodic.conf =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/etc/defaults/periodic.conf,v retrieving revision 1.7.2.8 diff -u -u -r1.7.2.8 periodic.conf --- periodic.conf 2001/07/28 11:44:22 1.7.2.8 +++ periodic.conf 2001/09/09 02:49:20 @@ -89,14 +89,14 @@ daily_news_expire_enable="YES" # Run news.expire # 340.uucp -daily_uuclean_enable="YES" # Run uuclean.daily +daily_uuclean_enable="NO" # Run uuclean.daily # 400.status-disks daily_status_disks_enable="YES" # Check disk status daily_status_disks_df_flags="-k -t nonfs" # df(1) flags for check # 410.status-uucp -daily_status_uucp_enable="YES" # Check uucp status +daily_status_uucp_enable="NO" # Check uucp status # 420.status-network daily_status_network_enable="YES" # Check network status @@ -149,7 +149,7 @@ weekly_clean_kvmdb_verbose="YES" # Mention files deleted # 300.uucp -weekly_uucp_enable="YES" # Clean uucp weekly +weekly_uucp_enable="NO" # Clean uucp weekly # 310.locate weekly_locate_enable="YES" # Update locate weekly To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message