Date: Mon, 17 Sep 2001 21:28:23 -0400 From: Joe Abley <jabley@automagic.org> To: lyndon@orthanc.ab.ca Cc: kris@obsecurity.org, arch@FreeBSD.ORG Subject: Re: Moving UUCP to ports Message-ID: <20010917212822.B52922@buffoon.automagic.org> In-Reply-To: <200109180035.f8I0Z2U4034342@orthanc.ab.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
[reposted with corrected recipient addresses; bang-paths from an era long past removed with prejudice] On Mon, Sep 17, 2001 at 06:35:02PM -0600, Lyndon Nerenberg wrote: > >>>>> "Kris" == Kris Kennaway <kris@obsecurity.org> writes: > > Kris> I would like to move the UUCP suite from the base system > Kris> into ports. The UUCP utilities have a security hole which > Kris> yields user uucp access, which can currently be leverage to > Kris> obtain root access by trojaning the uucp binaries. This > Kris> security hole is believed to be basically unfixable due to > Kris> the design of UUCP: we can limit its impact, but not > Kris> eliminate it for all users. > > What's the specific bug here? It's hard to evaluate your request > without knowing the actual problem. UUCP was just (in the past week or so) removed from OpenBSD-current and into ports. I don't mean to suggest that anybody here should jump through hoops just because OpenBSD made a decision to do so; however, since it's a recent event I thought it might be newsworthy. I just saw the CVS log entries pertaining to the deUUCPification. Tracking down openbsd mailing list traffic on the subject might be useful. Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010917212822.B52922>