From owner-freebsd-stable  Thu Mar 28 14:19:14 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by hub.freebsd.org (Postfix) with ESMTP id 9E91137B416
	for <stable@FreeBSD.ORG>; Thu, 28 Mar 2002 14:19:00 -0800 (PST)
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.11.0/8.11.0) id g2SMIk805596;
	Thu, 28 Mar 2002 14:18:46 -0800
Date: Thu, 28 Mar 2002 14:18:46 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Cc: Wilko Bulte <wkb@freebie.xs4all.nl>, Alan Clegg <alan@clegg.com>,
	stable@FreeBSD.ORG
Subject: Re: sendmail_enable NONE
Message-ID: <20020328141846.B15442@Odin.AC.HMC.Edu>
References: <20020328163551.B77823@shell.wetworks.org> <20020327154948.26668.qmail@web11602.mail.yahoo.com> <20020327115442.C27253@shell.one.net> <000c01c1d5bb$38e336e0$11fd2fd8@westbend.net> <20020327200304.C43825@mail.webmonster.de> <20020328133020.B6416@hub.freebsd.org> <20020328163551.B77823@shell.wetworks.org> <20020328223826.F28059@freebie.xs4all.nl> <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="lEGEL1/lMxI0MVQ2"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org>; from schulte+freebsd@nospam.schulte.org on Thu, Mar 28, 2002 at 03:51:50PM -0600
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


--lEGEL1/lMxI0MVQ2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 28, 2002 at 03:51:50PM -0600, Christopher Schulte wrote:
> At 10:38 PM 3/28/2002 +0100, Wilko Bulte wrote:
> >Basically: binaries sitting on a disk are harmless (but take space) as
> >long as they don't get run.
>=20
> Some local root exploits can be prevented if unused setuid binaries have=
=20
> the bit removed.  Thus if sendmail is not used (but you want to keep the=
=20
> binary around just in case) just chmod -s.

Given that the cause of the pain revolving around the 8.12 MFC was
removing the setuid bit to sendmail, these comments are just a bit
inane.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--lEGEL1/lMxI0MVQ2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8o5bFXY6L6fI4GtQRAiAXAJwPoPFYLApoOIMLpCdgW3elYhT62gCeLRb/
KxtD6Z98VkKiab6fESUiAFo=
=4pq7
-----END PGP SIGNATURE-----

--lEGEL1/lMxI0MVQ2--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message