security hole in uuq -d
Rahul Dhesi
dhesi at bsu-cs.UUCP
Mon Dec 19 03:41:39 AEST 1988
In article <43800007 at uicsrd.csrd.uiuc.edu> kai at uicsrd.csrd.uiuc.edu writes:
There is a serious security hole in the 4.3 bsd /usr/bin/uuq
program that allows everyone to delete anyone's UUCP jobs.
I recommend the following:
# chown uucp.daemon uuq
# chmod 101 uuq; chmod g+s uuq
This makes uuq set-gid to daemon. Then make sure all your uucp jobs
are in files that are readable by daemon but not writable by it.
--
Rahul Dhesi UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list