On Sun, Sep 09, 2001 at 06:01:44AM +0400, Andrey A. Chernov wrote:
> On Sat, Sep 08, 2001 at 18:56:02 -0700, Kris Kennaway wrote:
> > That doesn't protect NFS-mounted systems, and doesn't prevent
> Don't have ideas about NFS. Is schg not works there?
Actually, I think I was overstating a bit. You can't set UFS file
flags on an NFS volume, but they should work fine if already set on
the server and /usr is mounted by a client.
What will break is trying to do an installworld onto a remote NFS
volume, or installworld within a jail, since in order for that to
succeed you have to tell it not to set file flags, and that will leave
you with a local root exploit on the installed system.
> > arbitrary users from reading/modifying the UUCP spool files.
> It is bad design of UUCP, it is not our problem. Moreover, it can't be
> fixed easily without total UUCP redesign. See my prev. message explaining
> it more.