On Sun, Sep 09, 2001 at 06:01:44AM +0400, Andrey A. Chernov wrote:
> On Sat, Sep 08, 2001 at 18:56:02 -0700, Kris Kennaway wrote:
> >
> > That doesn't protect NFS-mounted systems, and doesn't prevent
>
> Don't have ideas about NFS. Is schg not works there?
Actually, I think I was overstating a bit. You can't set UFS file
flags on an NFS volume, but they should work fine if already set on
the server and /usr is mounted by a client.
What will break is trying to do an installworld onto a remote NFS
volume, or installworld within a jail, since in order for that to
succeed you have to tell it not to set file flags, and that will leave
you with a local root exploit on the installed system.
> > arbitrary users from reading/modifying the UUCP spool files.
>
> It is bad design of UUCP, it is not our problem. Moreover, it can't be
> fixed easily without total UUCP redesign. See my prev. message explaining
> it more.
Fair enough.
Kris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7ms+FWry0BWjoQKURAn+QAJ9y0f+N+136QeDZwgWTZeY+glk8qwCg5B3a
sC89TS409DO7yOcnIRXGvbs=
=Jt6o
-----END PGP SIGNATURE-----