From: Radko Keves
Date: Fri, 30 Jan 2004 18:00:55 +0100
To: questions@freeBSD.org
Cc: security@freeBSD.org
Subject: FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs part 2
Message-ID: <20040130170055.GA74447@studnet.edu.eu.org>

Hi,

I read FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs and have a question about this workaround:

    /bin/rm /sbin/mksnap_ffs

Isn't it better to do:

    /bin/chmod u-s /sbin/mksnap_ffs

I think that the suid flag on this program is dangerous, not the program as is, and when the suid flag is down, the program is clear for everyone except root.

If the program is dangerous, then erasing it isn't a good workaround, because every user can compile mksnap_ffs from source, but only root can give the suid flag.

Thanks and bye

-- 
"The ancient Greeks' concept of a ``personal daemon'' was similar to the modern concept of a ``guardian angel'' --- ``eudaemonia'' is the state of being helped or protected by a kindly spirit. As a rule, UNIX systems seem to be infested with both daemons and demons." [Evi Nemeth]
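The following is an added example, not part of the original message or of the advisory: a way to apply the `chmod u-s` alternative discussed above and confirm the result, including the case where the binary has already been removed. The function names `has_suid`, `drop_suid` and `list_suid` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: hypothetical helpers for clearing and verifying the
# set-user-ID bit on a binary such as /sbin/mksnap_ffs.

# has_suid FILE: succeeds only if FILE is a regular file with the setuid bit.
has_suid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# drop_suid FILE: clear the setuid bit and verify that it is gone.
# Returns 0 if the bit is clear afterwards, 1 on failure,
# 2 if FILE does not exist (for example, already removed with rm).
drop_suid() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing: $f"
        return 2
    fi
    if ! has_suid "$f"; then
        echo "already clear: $f"
        return 0
    fi
    chmod u-s "$f" || return 1
    if has_suid "$f"; then
        echo "still setuid: $f"
        return 1
    fi
    echo "cleared: $f"
}

# list_suid DIR...: print every regular file under the given directories
# that still carries the setuid bit, to review what else is exposed.
list_suid() {
    find "$@" -type f -perm -4000 -print 2>/dev/null
}

# When run with arguments, treat each one as a file to clear.
if [ $# -gt 0 ]; then
    for target in "$@"; do
        drop_suid "$target"
    done
fi
```

Run as root with the path of the binary as the argument; `list_suid /sbin /usr/sbin` then shows which other files in those directories remain setuid.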