From owner-freebsd-security Sun Mar 2 00:21:24 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA28746 for security-outgoing; Sun, 2 Mar 1997 00:21:24 -0800 (PST)
Received: from obiwan.aceonline.com.au (obiwan.aceonline.com.au [203.103.90.67]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA28740 for ; Sun, 2 Mar 1997 00:21:19 -0800 (PST)
Received: from localhost (adrian@localhost) by obiwan.aceonline.com.au (8.8.5/8.8.5) with SMTP id WAA02064; Sun, 2 Mar 1997 22:24:28 +0800 (WST)
Date: Sun, 2 Mar 1997 22:24:27 +0800 (WST)
From: Adrian Chadd
To: Joerg Wunsch
cc: dillon@best.net, security@freebsd.org
Subject: Re: disallow setuid root shells?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> As Matt Dillon wrote:
>
> > One thing I would like to see is a mount flag to disable suid-root and
> > sgid-wheel binaries, but allow suid-(nonroot) and sgid-(nonwheel)
> > binaries. Probably any ISP who runs shell accounts would love an
> > option like that.
>
> For what reason? The users normally don't have a need to create
> setuid programs, so why can't you mount /home nosuid? OTOH, system
> partitions (like /usr) are required to allow suid root binaries
> anyway.
>
> Btw., suidperl should honor the nosuid flag.
>

Well, thinking about it, that's right - thinking about the "bin" group
owning most binaries, if you can't get a root suid shell, get a "bin" one
*grin*.

Mounting /usr/home nosuid and noexec is a bloody excellent security thing
IMHO.

Cya.

Adrian
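The following is an added example, not part of the original thread: a check that the filesystems holding user home directories carry the `nosuid` and `noexec` options discussed above. The function name `audit_fstab`, the device names and the sample fstab are constructed for illustration.

```sh
#!/bin/sh
# Added example: report fstab entries for user-writable filesystems that
# lack nosuid or noexec. Mount points to check are given as arguments.

# Constructed sample fstab (columns: device, mountpoint, fstype, options,
# dump, pass). Not taken from any real host.
SAMPLE_FSTAB='# Device   Mountpoint  FStype  Options           Dump Pass
/dev/sd0a  /           ufs     rw                1    1
/dev/sd0e  /usr        ufs     rw                2    2
/dev/sd0f  /usr/home   ufs     rw,nosuid         2    2
/dev/sd0g  /tmp        ufs     rw,nosuid,noexec  2    2'

# audit_fstab MOUNTPOINT...   (fstab text on stdin)
# Prints one line per missing flag, and one line for each requested mount
# point that has no fstab entry of its own. A directory without its own
# entry lives on its parent filesystem and gets that filesystem's options,
# e.g. /usr, which has to allow setuid root binaries.
audit_fstab() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) seen[w[i]] = 0
        }
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        ($2 in seen) {
            seen[$2] = 1
            has_nosuid = 0; has_noexec = 0
            m = split($4, opt, ",")        # options are comma separated
            for (i = 1; i <= m; i++) {
                if (opt[i] == "nosuid") has_nosuid = 1
                if (opt[i] == "noexec") has_noexec = 1
            }
            if (!has_nosuid) print $2 ": missing nosuid"
            if (!has_noexec) print $2 ": missing noexec"
        }
        END {
            for (i = 1; i <= n; i++)
                if (!seen[w[i]]) print w[i] ": no fstab entry"
        }
    '
}

# Run against the constructed sample; on a real host, feed /etc/fstab instead.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab /usr/home /tmp /home
```

The check reads the configured options only; compare against the output of `mount` to confirm what is actually in effect on a running system.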