
unsuiding MH's pop (was How Debian Linux could be made more secure)



I agree that non-essential binaries should not be setuid root; I'm
planning to contribute to this by removing the setuid bit on two of the
four setuids that mh currently ships.

        suidregister -s mh /usr/bin/mh/inc root mail 2755
        suidregister -s mh /usr/bin/mh/msgchk root mail 2755

These are good and have to be setgid.

        suidregister -s mh /usr/lib/mh/popwrd root root 4755
        suidregister -s mh /usr/lib/mh/spop root root 4755

These are for the MH pop server, which is deprecated anyway; I'm
planning on shipping these but without any setuidness, and giving the
user instructions on how to enable them.

Sound good?  Any MH users object?

.....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>
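
An added example, not part of the original message: a small audit that reads `suidregister` lines of the form quoted above, decodes the leading octal digit of the mode, and lists the paths registered setuid root. The function names are hypothetical, the argument order is assumed to be exactly the one shown in the message, and the sample input is constructed from its four lines.

```shell
#!/bin/sh
# Constructed input: the four suidregister lines quoted in the message.
SAMPLE='suidregister -s mh /usr/bin/mh/inc root mail 2755
suidregister -s mh /usr/bin/mh/msgchk root mail 2755
suidregister -s mh /usr/lib/mh/popwrd root root 4755
suidregister -s mh /usr/lib/mh/spop root root 4755'

# classify_mode OWNER GROUP MODE
# Prints setuid:OWNER, setgid:GROUP, both joined by "+", or "none".
classify_mode() {
    owner=$1; group=$2; mode=$3
    # The leading digit of a 4-digit octal mode holds the special bits:
    # 4 = setuid, 2 = setgid, 1 = sticky. A 3-digit mode has none.
    case $mode in
        [0-7][0-7][0-7][0-7]) special=${mode%???} ;;
        [0-7][0-7][0-7])      special=0 ;;
        *) echo "invalid"; return 1 ;;
    esac
    out=
    if [ $(( special & 4 )) -ne 0 ]; then out="setuid:$owner"; fi
    if [ $(( special & 2 )) -ne 0 ]; then out="${out:+$out+}setgid:$group"; fi
    echo "${out:-none}"
}

# Reads suidregister lines on stdin, prints "PATH CLASSIFICATION" per entry.
# Assumes the form: suidregister -s PACKAGE PATH OWNER GROUP MODE
audit_suidregister() {
    while read -r cmd flag pkg path owner group mode; do
        [ "$cmd" = suidregister ] || continue
        printf '%s %s\n' "$path" "$(classify_mode "$owner" "$group" "$mode")"
    done
}

# Prints only the paths that would be installed setuid root.
setuid_root_paths() {
    audit_suidregister | while read -r path class; do
        case $class in setuid:root*) echo "$path" ;; esac
    done
}

printf '%s\n' "$SAMPLE" | audit_suidregister
```
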

