Date: Sat, 8 Sep 2001 21:15:49 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Kris Kennaway <kris@obsecurity.org> Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, "Todd C. Miller" <Todd.Miller@courtesan.com>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, <security@FreeBSD.ORG>, <audit@FreeBSD.ORG> Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010908211441.A48947-100000@achilles.silby.com> In-Reply-To: <20010908190700.A5881@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 8 Sep 2001, Kris Kennaway wrote: > Hmm. These flaws in the UUCP suite need to be documented, then. > > I'm also very uneasy at having a local root exploited foiled only by > the setting of UFS file flags (mostly because of the NFS-mounted /usr > case). > > I think it's finally time to make UUCP into a port: I'll work on that > later tonight. > > Kris If uustat being called from the daily scripts is the exploit "vector", can't we just remove uustat from the daily scripts for now? I doubt many of us use uucp, and those that do can get along without daily stats for a little while. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908211441.A48947-100000>