From owner-cvs-all  Sun Sep  9  1:39:36 2001
Delivered-To: cvs-all@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9B46737B408; Sun,  9 Sep 2001 01:39:25 -0700 (PDT)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [fec0::1:12])
	by Awfulhak.org (8.11.6/8.11.6) with ESMTP id f898dNi64180;
	Sun, 9 Sep 2001 09:39:23 +0100 (BST)
	(envelope-from brian@freebsd-services.com)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.6/8.11.6) with ESMTP id f898dJJ14239;
	Sun, 9 Sep 2001 09:39:19 +0100 (BST)
	(envelope-from brian@freebsd-services.com)
Message-Id: <200109090839.f898dJJ14239@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Matt Dillon <dillon@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org,
	brian@freebsd-services.com
Subject: Re: cvs commit: src/usr.bin/tip/tip Makefile src/gnu/libexec/uucp/cu Makefile src/gnu/libexec/uucp/uucp Makefile src/gnu/libexec/uucp/uuname Makefile src/gnu/libexec/uucp/uustat Makefile src/gnu/libexec/uucp/uux Makefile 
In-Reply-To: Message from Matt Dillon <dillon@FreeBSD.org> 
   of "Sat, 08 Sep 2001 21:54:10 PDT." <200109090454.f894sAc07178@freefall.freebsd.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 09 Sep 2001 09:39:19 +0100
From: Brian Somers <brian@freebsd-services.com>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> dillon      2001/09/08 21:54:10 PDT
> 
>   Modified files:
>     usr.bin/tip/tip      Makefile 
>     gnu/libexec/uucp/cu  Makefile 
>     gnu/libexec/uucp/uucp Makefile 
>     gnu/libexec/uucp/uuname Makefile 
>     gnu/libexec/uucp/uustat Makefile 
>     gnu/libexec/uucp/uux Makefile 
>   Log:
>   Make sure that all non-root-owned binaries in standard system
>   paths are chflaged 'schg' to prevent exploit vectors when run
>   by cron, by a root user, or by a user other then the one owning the
>   binary.  This applies to most of the uucp binaries, cu, tip, and
>   man (man was already installed properly).
>   
>   MFC will occur when approved.
> 
>   Revision  Changes    Path
>   1.12      +2 -1      src/usr.bin/tip/tip/Makefile
>   1.9       +2 -1      src/gnu/libexec/uucp/cu/Makefile
>   1.7       +2 -1      src/gnu/libexec/uucp/uucp/Makefile
>   1.6       +2 -2      src/gnu/libexec/uucp/uuname/Makefile
>   1.6       +2 -1      src/gnu/libexec/uucp/uustat/Makefile
>   1.7       +2 -1      src/gnu/libexec/uucp/uux/Makefile

Why are you doing this ?  You need to protect the parent directories 
if you hope to protect the contents.

This just prevents foot-shooting.

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message