200 messages in org.freebsd.freebsd-securityRe: security hole in FreeBSD| From | Sent On | Attachments |
|---|---|---|
| 109 earlier messages | ||
| Vincent Poy | Jul 28, 1997 9:49 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:05 pm | |
| Vincent Poy | Jul 28, 1997 10:14 pm | |
| Gary Palmer | Jul 28, 1997 10:27 pm | |
| Gary Palmer | Jul 28, 1997 10:28 pm | |
| Vincent Poy | Jul 28, 1997 10:35 pm | |
| Vincent Poy | Jul 28, 1997 10:37 pm | |
| John-David Childs | Jul 28, 1997 10:38 pm | |
| Gary Palmer | Jul 28, 1997 10:40 pm | |
| Vincent Poy | Jul 28, 1997 10:44 pm | |
| Gary Palmer | Jul 28, 1997 10:50 pm | |
| Vincent Poy | Jul 28, 1997 10:55 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:59 pm | |
| Vincent Poy | Jul 28, 1997 11:01 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:07 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:11 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:16 pm | |
| Sergei S. Laskavy | Jul 29, 1997 12:13 am | |
| John-David Childs | Jul 29, 1997 2:09 am | |
| Narvi | Jul 29, 1997 2:48 am | |
| Stephen D. Spencer | Jul 29, 1997 3:43 am | |
| Robert Watson | Jul 29, 1997 5:32 am | |
| Adam Shostack | Jul 29, 1997 5:49 am | |
| Robert Watson | Jul 29, 1997 6:39 am | |
| Nate Williams | Jul 29, 1997 7:19 am | |
| Rodney W. Grimes | Jul 29, 1997 8:58 am | |
| Warner Losh | Jul 29, 1997 9:25 am | |
| Warner Losh | Jul 29, 1997 9:34 am | |
| Christopher Petrilli | Jul 29, 1997 9:52 am | |
| Jim Shankland | Jul 29, 1997 9:57 am | |
| John Dowdal | Jul 29, 1997 10:50 am | |
| Poul-Henning Kamp | Jul 29, 1997 12:05 pm | |
| Bill Pechter | Jul 29, 1997 12:29 pm | |
| Matthew Hunt | Jul 29, 1997 12:37 pm | |
| Christopher Petrilli | Jul 29, 1997 12:43 pm | |
| [Mario1-] | Jul 29, 1997 1:07 pm | |
| Garrett Wollman | Jul 29, 1997 1:07 pm | |
| [Mario1-] | Jul 29, 1997 1:14 pm | |
| sth...@nethelp.no | Jul 29, 1997 1:39 pm | |
| Jordan K. Hubbard | Jul 29, 1997 2:23 pm | |
| Vincent Poy | Jul 29, 1997 2:45 pm | |
| Vincent Poy | Jul 29, 1997 2:57 pm | |
| Vincent Poy | Jul 29, 1997 3:02 pm | |
| sth...@nethelp.no | Jul 29, 1997 3:30 pm | |
| Rocco Lucia | Jul 29, 1997 3:33 pm | |
| Vincent Poy | Jul 29, 1997 3:44 pm | |
| Aaron Bornstein | Jul 29, 1997 3:44 pm | |
| Vincent Poy | Jul 29, 1997 3:54 pm | |
| Vincent Poy | Jul 29, 1997 4:00 pm | |
| Jay D. Nelson | Jul 29, 1997 5:29 pm | |
| Adam Shostack | Jul 29, 1997 6:06 pm | |
| Gary Schrock | Jul 29, 1997 6:10 pm | |
| Adam Shostack | Jul 29, 1997 6:11 pm | |
| Michael Smith | Jul 29, 1997 6:54 pm | |
| Jay D. Nelson | Jul 29, 1997 7:58 pm | |
| Jay D. Nelson | Jul 29, 1997 8:10 pm | |
| Michael Smith | Jul 29, 1997 8:25 pm | |
| Marco Molteni | Jul 30, 1997 5:04 am | |
| James Seng | Jul 30, 1997 5:31 am | |
| Alex G. Bulushev | Jul 30, 1997 5:59 am | |
| Vincent Poy | Jul 30, 1997 6:45 am | |
| Robert Watson | Jul 30, 1997 7:03 am | |
| Nate Williams | Jul 30, 1997 7:48 am | |
| Vincent Poy | Jul 30, 1997 7:54 am | |
| Nate Williams | Jul 30, 1997 8:06 am | |
| Nate Williams | Jul 30, 1997 8:13 am | |
| Vincent Poy | Jul 30, 1997 8:28 am | |
| Vincent Poy | Jul 30, 1997 8:33 am | |
| zoonie | Jul 30, 1997 9:09 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:25 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:31 am | |
| John-David Childs | Jul 30, 1997 10:17 am | |
| Ian Kallen | Jul 30, 1997 10:37 am | |
| Patrick Gilbert | Jul 30, 1997 11:43 am | |
| Jay D. Nelson | Jul 30, 1997 1:52 pm | |
| [Mario1-] | Jul 30, 1997 2:06 pm | |
| Jordan K. Hubbard | Jul 30, 1997 3:53 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:04 pm | |
| yossman | Jul 30, 1997 4:20 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:24 pm | |
| Peter Korsten | Jul 30, 1997 4:43 pm | |
| Michael Smith | Jul 30, 1997 8:01 pm | |
| Cy Schubert | Jul 30, 1997 9:10 pm | |
| FreeBSD Technical Reader | Jul 30, 1997 11:18 pm | |
| Marco Molteni | Jul 31, 1997 5:24 am | |
| yossman | Jul 31, 1997 9:00 am | |
| Adam Shostack | Jul 31, 1997 9:19 am | |
| Marc Slemko | Jul 31, 1997 11:23 am | |
| Andrew | Aug 1, 1997 10:00 pm | |
| Dmitry Kohmanyuk | Aug 1, 1997 10:32 pm | |
| Philippe Regnauld | Aug 2, 1997 1:46 pm | |
| Subject: | Re: security hole in FreeBSD | |
|---|---|---|
| From: | Jay D. Nelson (jd...@qiv.com) | |
| Date: | Jul 29, 1997 5:29:28 pm | |
| List: | org.freebsd.freebsd-security | |
Sorry -- I guess I'm old fart hold outs. I use uucp and many of my clients use uucp. From what I see, UUCP use is growing even though these machines never show up in the maps. I think uucp will grow even more.
Perhaps the best approach, if you really want to take it out of the standard distribution, is to make it an option at install time. Those that don't know what it is won't install it anyway.
Idiots will blow their feet of no matter how hard you try to protect them. All you will accomplish, if you take it out of the distribution, is force the idiots to use rm * instead and force me to go to MIT to get and install UUCP.
-- Jay
On Tue, 29 Jul 1997, Adam Shostack wrote:
->Robert Watson wrote: ->| On Mon, 28 Jul 1997, Adam Shostack wrote: ->| ->| > Vincent Poy wrote: ->| > ->| > su really should be setuid. Everything else is debatable. My ->| > advice is to turn off all setuid bits except those you know you need ->| > (possibly w, who, ps, ping, at, passwd) -> ->| Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc) ->| require root access to delivery to local mailboxes; crontab related stuff, ->| terminal locking, some kerberos commands, local XWindows servers, and su ->| all rely on suid. -> ->I know no one who still runs uucp. There are a few holdouts, but most ->systems can leave uucp off with no pain. Ditto with kerberos. :) -> ->Adam -> ->-- ->"It is seldom that liberty of any kind is lost all at once." -> -Hume -> ->