From: Don Lewis
Date: Sun, 22 Sep 2002 01:23:07 -0700 (PDT)
Subject: Re: Suggested modification to default install
To: brett@lariat.org
Cc: Phil@Kernick.org, anarcat@anarcat.ath.cx, freebsd-stable@FreeBSD.ORG
Message-Id: <200209220823.g8M8N7mY008228@gw.catspoiler.org>
In-Reply-To: <4.3.2.7.2.20020921224956.027c1850@localhost>

On 21 Sep, Brett Glass wrote:

> Well, kinda sorta. Another way to look at it is that if BIND is sandboxed
> (which it should be!) its home directory should be in the same
> partition as the other home directories: /usr.

By default, the FreeBSD adduser script puts home directories under /home.

When setting up a multi-user system, I prefer to mount the filesystem containing user home directories (and any filesystems containing publicly writable directories) nosuid. This would not work well if users' home directories reside on the /usr filesystem.

Also, if users have write access to any filesystems containing suid programs, they can effectively make their own copies of the program using the ln command. If a bug is later discovered in one of these suid programs and the official copy is removed and replaced, the buggy version could still be linked under someone's home directory. While we've got scripts that are run from cron that can detect this, I prefer to prevent the problem in the first place through proper system configuration.

I'm not terribly enthusiastic about putting dynamic data under /usr/local. When I set up a cluster of machines, I often populate /usr/local on one machine and share it with the remainder via NFS.

Unsandboxed, the static BIND configuration files should probably live in /etc, and the dynamic zone files (and the default directory, which will receive any core dumps) should probably live under /var. I think it should be possible to set up a functional (but painful to reconfigure) system with / and /usr mounted read-only.

My preferred way of building a sandbox is to populate it using something like nullfs so that each of its subdirectories is mounted with the appropriate options.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
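The hard-link problem Don describes above, and the two checks that go with it, as an added shell example that is not part of the original thread. It builds a throwaway directory tree standing in for / (so it needs no root and touches no real system), hard-links a "setuid" program into a user's home, then replaces the official copy the way an update would and shows that the old inode survives. The detection functions are the kind of thing a cron job would run; the fstab text is constructed for the demo and the device names and mount points in it are assumptions.

```sh
#!/bin/sh
# Added example, not code from the freebsd-stable thread.
# All paths below live under a mktemp directory; DEMO_FSTAB is constructed.

# Build a fake system: a setuid program under usr/bin and a user home on
# the same filesystem, with the user's hard link to the program in place.
setup_demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/home/alice"
    printf '#!/bin/sh\necho old buggy version\n' > "$root/usr/bin/suidprog"
    chmod 4755 "$root/usr/bin/suidprog"                 # setuid, as installed
    ln "$root/usr/bin/suidprog" "$root/home/alice/keep" # user's private copy
    echo "$root"
}

# Simulate the vendor fix: unlink the official file and install a new one.
# The old inode (old contents, old setuid bit) lives on via the link in home.
apply_update() {
    rm -f "$1/usr/bin/suidprog"
    printf '#!/bin/sh\necho new fixed version\n' > "$1/usr/bin/suidprog"
    chmod 4755 "$1/usr/bin/suidprog"
}

# Check 1: setuid/setgid files that have more than one hard link. This only
# catches the link while the official copy still exists; after the update
# the old inode's link count drops back to 1 and this check goes quiet.
multilink_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -links +1 -print
}

# Check 2: any setuid/setgid file under a tree users can write to (e.g.
# /home). On a filesystem mounted nosuid the bit is harmless; without
# nosuid this is the surviving buggy copy.
suid_under() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Constructed fstab for the demo (not a real machine's). Mount points that
# hold user-writable directories should carry nosuid.
DEMO_FSTAB='/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1d /usr ufs rw 2 2
/dev/ad0s1e /var ufs rw,nosuid 2 2
/dev/ad0s1f /home ufs rw 2 2
/dev/ad0s1g /tmp ufs rw,nosuid,noexec 2 2'

# Check 3: report user-writable mount points whose options lack nosuid.
# $1 is fstab text; output is one mount point per line.
audit_fstab_nosuid() {
    printf '%s\n' "$1" | awk '
        $2 == "/home" || $2 == "/tmp" || $2 == "/var" || $2 == "/var/tmp" {
            n = split($4, opt, ",")
            has = 0
            for (i = 1; i <= n; i++) if (opt[i] == "nosuid") has = 1
            if (!has) print $2
        }'
}

# Walk through the scenario when run directly.
if [ "${DEMO_MAIN:-0}" = 1 ]; then
    r=$(setup_demo)
    echo "before update, multi-linked suid files:"; multilink_suid "$r"
    apply_update "$r"
    echo "after update, multi-linked suid files:";  multilink_suid "$r"
    echo "suid files under home:";                  suid_under "$r/home"
    echo "mount points missing nosuid:";            audit_fstab_nosuid "$DEMO_FSTAB"
    rm -rf "$r"
fi
```

Run it with `DEMO_MAIN=1 sh demo.sh`. The interesting transition is between the two `multilink_suid` calls: the link is visible only while both names exist, which is why the author prefers the nosuid mount over a cron check that has to be lucky with its timing.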