From: Matt Dillon
Date: Sat, 8 Sep 2001 21:51:56 -0700 (PDT)
Message-Id: <200109090451.f894puV31109@earth.backplane.com>
To: "Andrey A. Chernov", Kris Kennaway, "Todd C. Miller", Jordan Hubbard, security@FreeBSD.ORG, audit@FreeBSD.ORG
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.

Wow. A lot of replies on this thread! I've read every one and would like to interject a couple of points if I may:

* Regardless of security problems with the uucp binaries, it is still our job to protect root.

* No binary in a standard system path (/bin, /usr/bin, /sbin, /usr/sbin) should be editable by non-root, no matter what. Even if cron doesn't run the binary, a sysop su'd to root might, or someone from another user account. 'schg' accomplishes this.

* I don't understand the person who was saying that NFS installs wouldn't work. I use NFS based installs for everything, it works fine. The typical method is to remotely mount /usr/src and do a local 'make installworld', not to remotely mount the destination host and do the 'make installworld' with the mount as a target.

* Several other binaries, such as 'man', are already installed noschg, as well as some libraries. We aren't breaking new ground here.

I think it's worth getting into -stable for the release, but it's Jordan's decision. I *am* going to commit the schg changes to -current now since there does not seem to be any opposition to it.

Remember guys: security should always be a layered onion approach, we are not precluding additional fixes by making this change.

-Matt
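
An added example, not part of the original message or of the FreeBSD tree: a small audit for the rule stated above that nothing in a standard system path should be editable by non-root. The function name `audit_paths` and its arguments are this example's own; it reports files and directories that are not owned by the expected owner or that are writable by group or other.

```shell
#!/bin/sh
# Added example: list files and directories under the given paths that an
# account other than OWNER could modify. A writable directory is reported
# too, since it allows a binary inside it to be replaced.
#
# usage: audit_paths OWNER DIR...
#   OWNER may be a user name or a numeric uid.
audit_paths() {
    owner=$1
    shift
    for dir in "$@"; do
        # Skip paths that do not exist on this system.
        [ -d "$dir" ] || continue
        # Report anything not owned by OWNER, or with the group-write
        # (020) or other-write (002) permission bit set.
        find "$dir" \( -type f -o -type d \) \
            \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
    done
}

# When called with arguments, run the audit directly, for example:
#   sh audit.sh root /bin /usr/bin /sbin /usr/sbin
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
fi

# On FreeBSD, file flags such as schg are shown by `ls -lo` and set with
# `chflags schg FILE`; this script checks ownership and mode bits only.
```

An empty result means every entry under the listed paths is owned by the expected owner and is not group- or world-writable; it says nothing about file flags, which need the separate `ls -lo` check.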