Let me be clear; I don't have anything against UUCP users, but most people don't need it turned on. Since its parts of it are setuid, (and thus potential security holes) I think its a reasonable to suggest that it ship either not setuid or as an install option.

Yes idiots will hurt themselves. Should we try to make FreeBSD reasonably secure? I think so. I think a good metric to use is don't install uncommon services by default, require some action to turn them on.

Adam

Jay D. Nelson wrote: | Sorry -- I guess I'm old fart hold outs. I use uucp and many of my clients | use uucp. From what I see, UUCP use is growing even though these machines | never show up in the maps. I think uucp will grow even more. | | Perhaps the best approach, if you really want to take it out of the | standard distribution, is to make it an option at install time. Those that | don't know what it is won't install it anyway. | | Idiots will blow their feet of no matter how hard you try to protect them. | All you will accomplish, if you take it out of the distribution, is | force the idiots to use rm * instead and force me to go to MIT to get | and install UUCP. | | -- Jay | | On Tue, 29 Jul 1997, Adam Shostack wrote: | | ->Robert Watson wrote: | ->| On Mon, 28 Jul 1997, Adam Shostack wrote: | ->| | ->| > Vincent Poy wrote: | ->| > | ->| > su really should be setuid. Everything else is debatable. My | ->| > advice is to turn off all setuid bits except those you know you need | ->| > (possibly w, who, ps, ping, at, passwd) | -> | ->| Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc) | ->| require root access to delivery to local mailboxes; crontab related stuff, | ->| terminal locking, some kerberos commands, local XWindows servers, and su | ->| all rely on suid. | -> | ->I know no one who still runs uucp. There are a few holdouts, but most | ->systems can leave uucp off with no pain. Ditto with kerberos. :)