From owner-freebsd-security  Mon Jan 17 18:19:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from revelex.com (revelex.com [207.61.176.194])
	by hub.freebsd.org (Postfix) with ESMTP id 94CC0150DC
	for <freebsd-security@freebsd.org>; Mon, 17 Jan 2000 18:19:47 -0800 (PST)
	(envelope-from jonf@revelex.com)
Received: from localhost (jonf@localhost)
	by revelex.com (8.9.3/8.9.3) with ESMTP id VAA13244
	for <freebsd-security@freebsd.org>; Mon, 17 Jan 2000 21:15:39 -0500 (EST)
Date: Mon, 17 Jan 2000 21:15:38 -0500 (EST)
From: Jonathan Fortin <jonf@revelex.com>
To: freebsd-security@freebsd.org
Subject: Sh(1).
Message-ID: <Pine.BSO.4.21.0001172112240.18982-100000@revelex.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Well, we know in the previous emails that sh was the main bourne shell
on most of the unix flavors, but what good would it do to log the ppid
or deny uids, you never know which account can get compromised, and if 
someone does compromises root, your log will be edited/removed .
Better Preventing by removing suids "find / -perm -u+s", and remove
the ones you won't need.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message