Date:      Sat, 8 Sep 2001 19:51:26 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        Mike Tancsa <mike@sentex.net>, "Andrey A. Chernov" <ache@nagual.pp.ru>, security@FreeBSD.ORG
Subject:   Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID:  <20010908195126.A13080@xor.obsecurity.org>
In-Reply-To: <200109090243.f892hID99147@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Sep 08, 2001 at 07:42:52PM -0700
References:  <5.1.0.14.0.20010908222654.060f1ea8@192.168.0.12> <200109090243.f892hID99147@cwsys.cwsent.com>


On Sat, Sep 08, 2001 at 07:42:52PM -0700, Cy Schubert - ITSD Open Systems Group wrote:

> How about the following solution?  Install the UUCP binaries without
> the setuid bit set and ship a script that would enable UUCP (turn on
> setuid/setgid bits) for sites that need it.  Of course the script would
> print an appropriate warning that enabling UUCP could lead to
> compromise.

No, if we're going to do that (install binaries by default which are
useless by default) then we might as well just make it a port.  I'm
almost done with that..I should be ready to commit in half an hour or
so (I won't be removing uucp yet).

The only question is what to do with cu, which is apparently used by a
lot of people separately to uucp.  We could either leave
gnu/libexec/uucp/{cu,common_source} in place, or make it into a port
as well.

> Could not a UUCP based mail delivery system run in a jailed environment?

Probably.

Kris

