Package: uucp
Version: 1.07-19.3
Severity: normal

Hi,

in the standard Debian installation there is

-rwsr-sr-x 1 uucp dialout 244756 11. Aug 2008  /usr/lib/uucp/uucico

where sgid dialout is probably used to allow for dialing modems.  On the other
hand there is

-rw-r----- 1 root uucp 490 11. Aug 2008  /etc/uucp/passwd

which also seems plausible. A problem occurs though if you have a server which
accepts incoming calls and which does not use in.uucpd but rather uucico
directly via inetd:

uucp            stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/uucico -l -D

Calling in will fail with

uucico - - (2009-09-20 14:08:58.19 3938) ERROR: /etc/uucp/passwd: fopen: Permission denied

because uucico is executed with gid dialout and cannot read /etc/uucp/passwd
anymore.

Wouldn't it be more appropriate to add the user uucp to group dialout instead
of using a sgid binary?  Otherwise /etc/uucp/passwd has to be gid dialout, but
then everybody in that group can read all site passwords which might be
undesirable.

Kind regards,

Ch. Scheurer


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages uucp depends on:
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  cron               3.0pl1-105            management of regular background p
ii  cu                 1.07-19.3             call up another system
ii  libc6              2.7-18                GNU C Library: Shared libraries
ii  libpam-runtime     1.0.1-5+lenny1        Runtime support for the PAM librar
ii  libpam0g           1.0.1-5+lenny1        Pluggable Authentication Modules l
ii  logrotate          3.7.1-5               Log rotation utility
ii  mailx              1:20071201-3          Transitional package for mailx ren
ii  netbase            4.34                  Basic TCP/IP networking system
ii  openbsd-inetd [ine 0.20080125-2          The OpenBSD Internet Superserver

Versions of packages uucp recommends:
ii  postfix                       2.5.5-1.1  High-performance mail transport ag

uucp suggests no packages.

-- no debconf information

-- 
Christoph Scheurer                                  GnuPG key Id: 0x6128C6B6
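
The permission failure described in the report, modelled as an added example that is not part of the original bug report or the uucp package: a simplified Unix DAC read check applied to the two file listings quoted above. The numeric ids, the `alice` account and the assumption that the inetd child holds only root's group are constructed for illustration.

```python
import stat
from dataclasses import dataclass

# Constructed numeric ids; real values come from /etc/passwd and /etc/group.
ROOT, UUCP_UID, ALICE_UID = 0, 10, 1000
ROOT_GID, UUCP_GID, DIALOUT_GID, ALICE_GID = 0, 10, 20, 1000

@dataclass(frozen=True)
class Creds:
    euid: int
    egid: int
    groups: frozenset = frozenset()   # supplementary groups

@dataclass(frozen=True)
class FileMeta:
    uid: int
    gid: int
    mode: int

def can_read(c, f):
    """Simplified DAC read check (euid/egid stand in for fsuid/fsgid)."""
    if c.euid == 0:
        return True                               # root bypasses DAC
    if c.euid == f.uid:                           # owner class only
        return bool(f.mode & stat.S_IRUSR)
    if c.egid == f.gid or f.gid in c.groups:      # group class only
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)            # everyone else

def exec_creds(caller, binary):
    """setuid/setgid bits replace euid/egid; supplementary groups are kept."""
    euid = binary.uid if binary.mode & stat.S_ISUID else caller.euid
    egid = binary.gid if binary.mode & stat.S_ISGID else caller.egid
    return Creds(euid, egid, caller.groups)

uucico = FileMeta(UUCP_UID, DIALOUT_GID, 0o6755)      # -rwsr-sr-x uucp dialout
passwd = FileMeta(ROOT, UUCP_GID, 0o640)              # -rw-r----- root uucp
inetd = Creds(ROOT, ROOT_GID, frozenset({ROOT_GID}))  # assumed: child starts as root

proc = exec_creds(inetd, uucico)                      # euid uucp, egid dialout
passwd_dialout = FileMeta(ROOT, DIALOUT_GID, 0o640)   # the chgrp-dialout workaround
alice = Creds(ALICE_UID, ALICE_GID, frozenset({ALICE_GID, DIALOUT_GID}))

if __name__ == "__main__":
    print("uucico via inetd reads passwd:       ", can_read(proc, passwd))
    print("after chgrp dialout, uucico reads:   ", can_read(proc, passwd_dialout))
    print("after chgrp dialout, dialout member: ", can_read(alice, passwd_dialout))
```
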


