Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 8 Sep 2001 21:51:56 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>, Kris Kennaway <kris@obsecurity.org>, "Todd C. Miller" <Todd.Miller@courtesan.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG
Subject:   Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID:  <200109090451.f894puV31109@earth.backplane.com>
References:  <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010909054457.A34319@nagual.pp.ru> <20010908185602.B5619@xor.obsecurity.org> <20010909060144.B34519@nagual.pp.ru> <20010908191013.B5881@xor.obsecurity.org> <20010909062025.B34828@nagual.pp.ru> <20010908193252.A7066@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

    Wow.  A lot of replies on this thread!  I've read every one and would
    like to interject a couple of points if I may:

    * Regardless of security problems with the uucp binaries, it is still
      our job to protect root.

    * No binary in a standard system path (/bin, /usr/bin, /sbin, /usr/sbin)
      should be editable by non-root, no matter what.  Even if cron doesn't
      run the binary, a sysop su'd to root might, or someone from another
      user account.  'schg' accomplishes this.

    * I don't understand the person who was saying that NFS installs wouldn't
      work.  I use NFS based installs for everything, it works fine.  The
      typical method is to remotely mount /usr/src and do a local
      'make installworld', not to remotely mount the destination host and do
      the 'make installworld' with the mount as a target.

    * Several other binaries, such as 'man', are already installed noschg,
      as well as some libraries.  We aren't breaking new ground here.

    I think it's worth getting into -stable for the release, but it's Jordan's
    decision.  I *am* going to commit the schg changes to -current now since
    there does not seem to be any opposition to it.  Remember guys: security
    should always be a layered onion approach, we are not precluding additional
    fixes by making this change.

						-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109090451.f894puV31109>