From owner-freebsd-security  Sat Sep  8 20:49:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-54.dsl.lsan03.pacbell.net [63.207.60.54])
	by hub.freebsd.org (Postfix) with ESMTP id 67DA337B401
	for <security@FreeBSD.org>; Sat,  8 Sep 2001 20:49:16 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id EE91066D0A; Sat,  8 Sep 2001 20:49:15 -0700 (PDT)
Date: Sat, 8 Sep 2001 20:49:15 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	Mike Tancsa <mike@sentex.net>,
	"Andrey A. Chernov" <ache@nagual.pp.ru>, security@FreeBSD.org
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID: <20010908204915.A24987@xor.obsecurity.org>
References: <5.1.0.14.0.20010908222654.060f1ea8@192.168.0.12> <200109090243.f892hID99147@cwsys.cwsent.com> <20010908195126.A13080@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010908195126.A13080@xor.obsecurity.org>; from kris@obsecurity.org on Sat, Sep 08, 2001 at 07:51:26PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Sep 08, 2001 at 07:51:26PM -0700, Kris Kennaway wrote:
> On Sat, Sep 08, 2001 at 07:42:52PM -0700, Cy Schubert - ITSD Open Systems=
 Group wrote:
>=20
> > How about the following solution?  Install the UUCP binaries without=20
> > the setuid bit set and ship a script that would enable UUCP (turn on=20
> > setuid/setgid bits) for sites that need it.  Of course the script would=
=20
> > print an appropriate warning that enabling UUCP could lead to=20
> > compromise.
>=20
> No, if we're going to do that (install binaries by default which are
> useless by default) then we might as well just make it a port.  I'm
> almost done with that..I should be ready to commit in half an hour or
> so (I won't be removing uucp yet).

Okay, I've committed a first cut of the freebsd-uucp port.  Anyone who
makes use of uucp, please test this and let me know if there's
anything else I should be doing to smooth the transition path from the
base system version.  Since I don't use UUCP, I might be missing
something.

Once people are happy with the port, I'll remove the uucp stuff from
the base system (leaving cu behind, probably)

Kris
--XsQoSWH+UP9D9v3l
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7mua7Wry0BWjoQKURAk0NAKCKXD98L8N5I2lDvTDCO9LvtPWQQACgh26f
051shBxomwa2VjtA4GfM3mI=
=B8S0
-----END PGP SIGNATURE-----

--XsQoSWH+UP9D9v3l--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message