200 messages in org.freebsd.freebsd-securityKeep UUCP (Was: Re: security hole in ...| From | Sent On | Attachments |
|---|---|---|
| 134 earlier messages | ||
| Rodney W. Grimes | Jul 29, 1997 8:58 am | |
| Warner Losh | Jul 29, 1997 9:25 am | |
| Warner Losh | Jul 29, 1997 9:34 am | |
| Christopher Petrilli | Jul 29, 1997 9:52 am | |
| Jim Shankland | Jul 29, 1997 9:57 am | |
| John Dowdal | Jul 29, 1997 10:50 am | |
| Poul-Henning Kamp | Jul 29, 1997 12:05 pm | |
| Bill Pechter | Jul 29, 1997 12:29 pm | |
| Matthew Hunt | Jul 29, 1997 12:37 pm | |
| Christopher Petrilli | Jul 29, 1997 12:43 pm | |
| [Mario1-] | Jul 29, 1997 1:07 pm | |
| Garrett Wollman | Jul 29, 1997 1:07 pm | |
| [Mario1-] | Jul 29, 1997 1:14 pm | |
| sth...@nethelp.no | Jul 29, 1997 1:39 pm | |
| Jordan K. Hubbard | Jul 29, 1997 2:23 pm | |
| Vincent Poy | Jul 29, 1997 2:45 pm | |
| Vincent Poy | Jul 29, 1997 2:57 pm | |
| Vincent Poy | Jul 29, 1997 3:02 pm | |
| sth...@nethelp.no | Jul 29, 1997 3:30 pm | |
| Rocco Lucia | Jul 29, 1997 3:33 pm | |
| Vincent Poy | Jul 29, 1997 3:44 pm | |
| Aaron Bornstein | Jul 29, 1997 3:44 pm | |
| Vincent Poy | Jul 29, 1997 3:54 pm | |
| Vincent Poy | Jul 29, 1997 4:00 pm | |
| Jay D. Nelson | Jul 29, 1997 5:29 pm | |
| Adam Shostack | Jul 29, 1997 6:06 pm | |
| Gary Schrock | Jul 29, 1997 6:10 pm | |
| Adam Shostack | Jul 29, 1997 6:11 pm | |
| Michael Smith | Jul 29, 1997 6:54 pm | |
| Jay D. Nelson | Jul 29, 1997 7:58 pm | |
| Jay D. Nelson | Jul 29, 1997 8:10 pm | |
| Michael Smith | Jul 29, 1997 8:25 pm | |
| Marco Molteni | Jul 30, 1997 5:04 am | |
| James Seng | Jul 30, 1997 5:31 am | |
| Alex G. Bulushev | Jul 30, 1997 5:59 am | |
| Vincent Poy | Jul 30, 1997 6:45 am | |
| Robert Watson | Jul 30, 1997 7:03 am | |
| Nate Williams | Jul 30, 1997 7:48 am | |
| Vincent Poy | Jul 30, 1997 7:54 am | |
| Nate Williams | Jul 30, 1997 8:06 am | |
| Nate Williams | Jul 30, 1997 8:13 am | |
| Vincent Poy | Jul 30, 1997 8:28 am | |
| Vincent Poy | Jul 30, 1997 8:33 am | |
| zoonie | Jul 30, 1997 9:09 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:25 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:31 am | |
| John-David Childs | Jul 30, 1997 10:17 am | |
| Ian Kallen | Jul 30, 1997 10:37 am | |
| Patrick Gilbert | Jul 30, 1997 11:43 am | |
| Jay D. Nelson | Jul 30, 1997 1:52 pm | |
| [Mario1-] | Jul 30, 1997 2:06 pm | |
| Jordan K. Hubbard | Jul 30, 1997 3:53 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:04 pm | |
| yossman | Jul 30, 1997 4:20 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:24 pm | |
| Peter Korsten | Jul 30, 1997 4:43 pm | |
| Michael Smith | Jul 30, 1997 8:01 pm | |
| Cy Schubert | Jul 30, 1997 9:10 pm | |
| FreeBSD Technical Reader | Jul 30, 1997 11:18 pm | |
| Marco Molteni | Jul 31, 1997 5:24 am | |
| yossman | Jul 31, 1997 9:00 am | |
| Adam Shostack | Jul 31, 1997 9:19 am | |
| Marc Slemko | Jul 31, 1997 11:23 am | |
| Andrew | Aug 1, 1997 10:00 pm | |
| Dmitry Kohmanyuk | Aug 1, 1997 10:32 pm | |
| Philippe Regnauld | Aug 2, 1997 1:46 pm | |
| Subject: | Keep UUCP (Was: Re: security hole in FreeBSD) | |
|---|---|---|
| From: | Jay D. Nelson (jd...@qiv.com) | |
| Date: | Jul 30, 1997 1:52:17 pm | |
| List: | org.freebsd.freebsd-security | |
Sometimes I think we can be too "internet-centric" for our own good. UUCP makes good security and economic sense.
An ISP that caters to internet aficionados will have no use for UUCP. But commercial customers are showing interest because a) UUCP isolates them from the internet, providing greater security while keeping employees from `surfing', b) costs far less than the typical dedicated connection. PSInet charges $50/Mo. + $145.00 setup, I believe, and c) many of our foreign friends have no other reasonable way go.
From the ISP's perspective, a UUCP account ties up far less resources than the dedicated or ppp account. As an example, last month I transfered 12.14 Megs with a total connect time of 1.66 hours (28.8).
If I had an out-of-state long distance peer, I would have spent less than $14.00 in long distance charges. In other words, my commercial client could have one UUCP connection to a provider and serve mail to seven out-of-state offices for less than the typical dedicated 64K ISDN account.
So that is my case. I understand the desire to reduce distribution size and eliminate unused suid binaries -- but to take UUCP out seems to me equivalent to getting rid of the C compiler and development tools.
Make it an install option if you want, but leave it as a part of the standard distribution.
-- Jay
On Wed, 30 Jul 1997, James Seng wrote:
->At 09:06 PM 7/29/97 -0400, Adam Shostack wrote: ->> Let me be clear; I don't have anything against UUCP users, but ->>most people don't need it turned on. Since its parts of it are ->>setuid, (and thus potential security holes) I think its a reasonable ->>to suggest that it ship either not setuid or as an install option. -> ->I have not heard of any request for the use UUCP from my users nor is my ->UUCP binaries been used in the last few years...I think the time when lease ->line is expensive, when university work with 9,600bps (wow) connection and ->when UUCP rules the earth is over...we have to let it go and look forward. *8) -> ->I have nothing against UUCP of cos but it is always nice if we can reduce ->the base distribution size by letting some of the less often used stuff away. -> ->*cheers* -> ->-James Seng ->