Date: Wed, 11 Dec 1996 08:47:31 -0800 From: Paul Traina <pst@shockwave.com> To: =?KOI8-R?Q?Andrey_Chernov=2C_=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= <ache@nagual.ru> Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-ports@freefall.freebsd.org Subject: Re: cvs commit: ports/comms/kermit/patches patch-ab Message-ID: <199612111647.IAA24727@precipice.shockwave.com> In-Reply-To: Your message of "Wed, 11 Dec 1996 15:29:12 %2B0300." <Pine.BSF.3.95.961211152802.579A-100000@nagual.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
From: =?KOI8-R?Q?Andrey_Chernov=2C_=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= <a >>che@nagual.ru> Subject: Re: cvs commit: ports/comms/kermit/patches patch-ab On Wed, 11 Dec 1996, Paul Traina wrote: > That's not a security hole. If you don't like the behavior, just don't > setgid dialer the program. It is impossible, setgid needed for UUCP lock manipulations. I thought about that too. If you don't need to access the tty ports, you don't need to access the lock directory. They'll just fail, warn, and go on. Thus my conclusion, if you want kermit usable by everyone, then you make it setgid. If you want to make it usable by only folks in dialer, you don't. Either way, it's more flexible to not change out the kermit security model.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612111647.IAA24727>