Date: Sat, 8 Sep 2001 19:51:26 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Mike Tancsa <mike@sentex.net>, "Andrey A. Chernov" <ache@nagual.pp.ru>, security@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010908195126.A13080@xor.obsecurity.org> In-Reply-To: <200109090243.f892hID99147@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Sep 08, 2001 at 07:42:52PM -0700 References: <5.1.0.14.0.20010908222654.060f1ea8@192.168.0.12> <200109090243.f892hID99147@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 08, 2001 at 07:42:52PM -0700, Cy Schubert - ITSD Open Systems G= roup wrote: > How about the following solution? Install the UUCP binaries without=20 > the setuid bit set and ship a script that would enable UUCP (turn on=20 > setuid/setgid bits) for sites that need it. Of course the script would= =20 > print an appropriate warning that enabling UUCP could lead to=20 > compromise. No, if we're going to do that (install binaries by default which are useless by default) then we might as well just make it a port. I'm almost done with that..I should be ready to commit in half an hour or so (I won't be removing uucp yet). The only question is what to do with cu, which is apparently used by a lot of people separately to uucp. We could either leave gnu/libexec/uucp/{cu,common_source} in place, or make it into a port as well. > Could not a UUCP based mail delivery system run in a jailed environment? Probably. Kris --vtzGhvizbBRQ85DL Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mtkuWry0BWjoQKURAqpPAKCU2oo8lKQ/kxahbCYXIzyrs+cNUACgo2Wa 0mP+Uan3+lteoGs3Nu9Y4zI= =ekAl -----END PGP SIGNATURE----- --vtzGhvizbBRQ85DL-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908195126.A13080>