From owner-freebsd-security  Mon Jul 28 15:30:45 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA08160
          for security-outgoing; Mon, 28 Jul 1997 15:30:45 -0700 (PDT)
Received: from sasami.jurai.net (winter@sasami.jurai.net [207.96.1.17])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA08153
          for <security@FreeBSD.ORG>; Mon, 28 Jul 1997 15:30:42 -0700 (PDT)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.8.5/8.8.5) with SMTP id SAA27550;
	Mon, 28 Jul 1997 18:30:29 -0400 (EDT)
Date: Mon, 28 Jul 1997 18:30:28 -0400 (EDT)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Vincent Poy <vince@mail.MCESTATE.COM>
cc: security@FreeBSD.ORG, JbHunt <johnnyu@accessus.net>,
        "[Mario1-]" <mario1@PrimeNet.Com>
Subject: Re: security hole in FreeBSD
In-Reply-To: <Pine.BSF.3.95.970728152741.3844M-100000@mail.MCESTATE.COM>
Message-ID: <Pine.BSF.3.95q.970728182943.25254F-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 28 Jul 1997, Vincent Poy wrote:
> On Mon, 28 Jul 1997, Matthew N. Dodd wrote:
> =)As a general rule I set all suid/sgid system executeables schg and run
> =)with securelevel set to 1 or 2.
         ^^^^^^^^^^^^^^^^^^^^^^^^^

> =)
> =)Getting rid of any unecessary suid/sgid programs would be good too.
> 
> 	That wouldn't do any good if the user can chflags noschg on the
> binaries you have schg on.

'man init'

/* 
   Matthew N. Dodd		| A memory retaining a love you had for life	
   winter@jurai.net		| As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53	
*/