Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!zaphod.mps.ohio-state.edu!wuarchive!udel!brahms.udel.edu!weave
From: weave@brahms.udel.edu (Ken Weaverling)
Newsgroups: comp.unix.admin
Subject: cops security report questions
Keywords: cops uudecode uucp security
Message-ID: <17778@brahms.udel.edu>
Date: 17 Jan 91 02:42:42 GMT
Distribution: na
Organization: University of Delaware
Lines: 32

Just got the latest cops package and installed it on my system. It pointed
out quite a few things, some of which I have questions on why...

First, the prelims. The systems are AT&T Sys V/386 boxes. These boxes are
NOT on the net yet, the account I'm posting on is a student account at the
U of Del. (So if I have a glaring problem, don't think you can exploit it! :-)

1) Disk devices world readable. I can understand why this is a problem.
   I have already changed this but was wondering why the manufacturer (Prime)
   shipped it with the disk devices as 644...

2) "uudecode creates set uid files" OK, I checked this and it will create
   a 4755 file, but owned by me. (uudecode is NOT setuid to uucp). Why is
   this a problem? I got source to uude/encode from uunet a year or two ago
   and compiled it. It isn't a vendor supplied program on this box.

3) /usr/spool/uucp and /usr/spool/uucppublic are 777... OK, this looks
   weird even to a thick person like me. But this is how it was shipped.
   Is there a reason to the madness here? All programs that I can think of
   that need to get in there (uucico, uux, etc) are setuid to uucp, so I see
   no need for it to be 777. Would changing to 775 or 770 break anything?
   (I am running HDB uucp...)

I really appreciate this program. Being forced to be a jack-of-all trades
(admin for UNIX, PRIMOS, MS/DOS, and MACINTOSH networks) I really appreciate
any help available.

Thanks for any help (and happy World War III -- let's pray it's a quick and
not too bloody one and that some good will come out of this in the end...)
-- >>>---> Ken Weaverling >>>----> weave@brahms.udel.edu
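
The three findings in the post above can be re-checked by hand with the following added example, which is not part of the original post and is not COPS code. The function names are hypothetical, the files, directories and device nodes to inspect are supplied by the caller, and the uudecode check relies on the fact that uudecode applies the mode written on the archive's "begin MODE NAME" line.

```shell
#!/bin/sh
# Added example, not COPS code. All sample data below is constructed.

# Print the mode field of the "begin MODE NAME" header of a uuencoded file.
uu_header_mode() {
    awk '$1 == "begin" && NF >= 3 { print $2; exit }' "$1"
}

# Succeed if that mode carries the setuid (4000) or setgid (2000) bit.
uu_has_setid() {
    mode=$(uu_header_mode "$1")
    case "$mode" in
        ''|*[!0-7]*) return 1 ;;   # no header, or mode is not octal
    esac
    [ $(( 0$mode & 06000 )) -ne 0 ]
}

# Print each named directory that "other" can write to (777 qualifies).
world_writable_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -prune -type d -perm -0002 -print
    done
}

# Print each named device node that "other" can read (644 qualifies).
world_readable_devs() {
    for n in "$@"; do
        [ -b "$n" ] || [ -c "$n" ] || continue
        find "$n" -prune -perm -0004 -print
    done
}

# Demo on constructed input: run as "sh check.sh demo".
demo() {
    t=$(mktemp -d) || return 1
    printf 'begin 4755 sample\n`\nend\n' > "$t/in.uu"
    mkdir "$t/spool" && chmod 777 "$t/spool"
    uu_has_setid "$t/in.uu" && echo "setid mode in header: $(uu_header_mode "$t/in.uu")"
    world_writable_dirs "$t/spool"
    rm -rf "$t"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Pass the spool directories and the disk device nodes from the report as arguments; a directory at 775 or 770 and a device at 640 or 600 produce no output.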