Date: Sat, 8 Sep 2001 19:50:37 -0700 From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> To: security@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <15258.55549.285245.769691@horsey.gshapiro.net> In-Reply-To: <200109090243.f892hID99147@cwsys.cwsent.com> References: <5.1.0.14.0.20010908222654.060f1ea8@192.168.0.12> <200109090243.f892hID99147@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Cy.Schubert> How about the following solution? Install the UUCP binaries Cy.Schubert> without the setuid bit set and ship a script that would enable Cy.Schubert> UUCP (turn on setuid/setgid bits) for sites that need it. Of Cy.Schubert> course the script would print an appropriate warning that Cy.Schubert> enabling UUCP could lead to compromise. Also, at the very least, Jordon may approve of this diff for RELENG_4 for 4.4. There is no reason for non-UUCP systems (probably most of them out there) to run these anyway. Index: periodic.conf =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/etc/defaults/periodic.conf,v retrieving revision 1.7.2.8 diff -u -u -r1.7.2.8 periodic.conf --- periodic.conf 2001/07/28 11:44:22 1.7.2.8 +++ periodic.conf 2001/09/09 02:49:20 @@ -89,14 +89,14 @@ daily_news_expire_enable="YES" # Run news.expire # 340.uucp -daily_uuclean_enable="YES" # Run uuclean.daily +daily_uuclean_enable="NO" # Run uuclean.daily # 400.status-disks daily_status_disks_enable="YES" # Check disk status daily_status_disks_df_flags="-k -t nonfs" # df(1) flags for check # 410.status-uucp -daily_status_uucp_enable="YES" # Check uucp status +daily_status_uucp_enable="NO" # Check uucp status # 420.status-network daily_status_network_enable="YES" # Check network status @@ -149,7 +149,7 @@ weekly_clean_kvmdb_verbose="YES" # Mention files deleted # 300.uucp -weekly_uucp_enable="YES" # Clean uucp weekly +weekly_uucp_enable="NO" # Clean uucp weekly # 310.locate weekly_locate_enable="YES" # Update locate weekly To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15258.55549.285245.769691>