From owner-freebsd-security Wed Dec 1 13:24: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from norn.ca.eu.org (cr965240-b.abtsfd1.bc.wave.home.com [24.113.19.137]) by hub.freebsd.org (Postfix) with ESMTP id E70A0150AF for ; Wed, 1 Dec 1999 13:23:55 -0800 (PST) (envelope-from cpiazza@norn.ca.eu.org) Received: by norn.ca.eu.org (Postfix, from userid 1000) id 6406C46; Wed, 1 Dec 1999 13:21:51 -0800 (PST) Date: Wed, 1 Dec 1999 13:21:51 -0800 From: Chris Piazza To: Brock Tellier Cc: "Jordan K. Hubbard" , Bill Swingle , security@FreeBSD.ORG Subject: Re: [Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] ] Message-ID: <19991201132151.A1226@norn.ca.eu.org> References: <19991201200257.17312.qmail@nwcst313.netaddress.usa.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <19991201200257.17312.qmail@nwcst313.netaddress.usa.net>; from btellier@usa.net on Wed, Dec 01, 1999 at 01:02:57PM -0700 X-Operating-System: FreeBSD 4.0-CURRENT i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Dec 01, 1999 at 01:02:57PM -0700, Brock Tellier wrote: > > Personally, I don't think it is at all unreasonable to do a full 2700 port > install via sysinstall and audit the 200 or so suid-programs. Sure, it's > important that the others be free from symlink problems and in a few cases, > buffer overflows, but focusing, as I did, on the suids wouldn't be > ridiculously difficult. More than 50% of these programs could safely lose > their suid-bit. Considering the number of people who will actually need > "xmindpath" suid vs. the number of people who just do a full install because Excellent. So when can we expect you to finish this project? -Chris -- cpiazza@jaxon.net cpiazza@FreeBSD.org Abbotsford, BC, Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message