Date: Thu, 16 Dec 1999 11:43:43 -0700 From: Warner Losh <imp@village.org> To: Spidey <beaupran@iro.umontreal.ca> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Chris England <cengland@obscurity.org>, freebsd-security@FreeBSD.ORG Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) Message-ID: <199912161843.LAA73003@harmony.village.org> In-Reply-To: Your message of "Thu, 16 Dec 1999 13:37:17 EST." <14425.12637.308602.637788@anarcat.dyndns.org> References: <14425.12637.308602.637788@anarcat.dyndns.org> <14425.12035.757889.422296@anarcat.dyndns.org> <199912160615.XAA69151@harmony.village.org> <Pine.BSF.3.96.991216091552.26813A-100000@fledge.watson.org> <199912161828.LAA72864@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <14425.12637.308602.637788@anarcat.dyndns.org> Spidey writes: : Yes. Since I've been looking at setuid's on FBSD, my primary concern's : been with the ports. I wished there could be some way to have a : variable in the Makefiles that say "NOSETUID=YES". :)) I like this, at least for PORTS. Better still would be to go through the ports and figure out if there is a lesser priv that could be granted. Right now the in tree games are setgid games, iirc, just for the high score stuff. Maybe it would be a good idea to continue this with the ports. You'd have to include a high score file in the package to make sure that normal users can't access them. : We should make a a definite list of all the setuid's in the whole port : tree. Maybe the port maintainers can give a hand? That would be useful. The ports are the least audited part of the tree. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912161843.LAA73003>