On Sat, Sep 08, 2001 at 18:54:15 -0700, Kris Kennaway wrote:
> Yeah, thats probably a good change to make. However the uucp
> vulnerability still lets e.g. arbitrary users read/modify uucp spool
> data, create files, access the uucp:dialer devices, etc.
All you mention is historical old-days uucp subsystem bad 'features', it
is not fool proff and require ethic behaviour of its users. To eliminate
this things main uucp developers must be contacted, because this things
hardly integrated in normal usage flow and can't be deattached easily.
I.e. it is not FreeBSD security problem but uucp problem (as designed).
All we need is to protect uucp binaries from modifications (via schg).
Andrey A. Chernov