Date: Wed, 1 Dec 1999 13:21:51 -0800 From: Chris Piazza <cpiazza@jaxon.net> To: Brock Tellier <btellier@usa.net> Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Bill Swingle <unfurl@dub.net>, security@FreeBSD.ORG Subject: Re: [Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] ] Message-ID: <19991201132151.A1226@norn.ca.eu.org> In-Reply-To: <19991201200257.17312.qmail@nwcst313.netaddress.usa.net>; from btellier@usa.net on Wed, Dec 01, 1999 at 01:02:57PM -0700 References: <19991201200257.17312.qmail@nwcst313.netaddress.usa.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 01, 1999 at 01:02:57PM -0700, Brock Tellier wrote:
>
> Personally, I don't think it is at all unreasonable to do a full 2700 port
> install via sysinstall and audit the 200 or so suid-programs. Sure, it's
> important that the others be free from symlink problems and in a few cases,
> buffer overflows, but focusing, as I did, on the suids wouldn't be
> ridiculously difficult. More than 50% of these programs could safely lose
> their suid-bit. Considering the number of people who will actually need
> "xmindpath" suid vs. the number of people who just do a full install because
Excellent. So when can we expect you to finish this project?
-Chris
--
cpiazza@jaxon.net cpiazza@FreeBSD.org
Abbotsford, BC, Canada
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991201132151.A1226>