Date: Fri, 14 Jan 2005 08:01:22 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: John-Mark Gurney <gurney_j@resnet.uoregon.edu> Cc: src-committers@FreeBSD.org Subject: Re: cvs commit: src/etc/periodic/security 100.chksetuid Message-ID: <20050114140122.GC8477@lum.celabo.org> In-Reply-To: <20050113215132.GM19624@funkthat.com> References: <20050113153228.GG49329@submonkey.net> <200501131849.j0DInEEE029957@gw.catspoiler.org> <20050113185323.GI49329@submonkey.net> <20050113190755.GA24939@orion.daedalusnetworks.priv> <20050113193413.GL19624@funkthat.com> <20050113204154.GA829@gothmog.gr> <20050113205528.GA83599@hellblazer.celabo.org> <20050113215132.GM19624@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 13, 2005 at 01:51:32PM -0800, John-Mark Gurney wrote: > Most nfs installs, you have control over the server, and are probably > already running something similar on the server... If you are mounting > "untrusted" shares, as you said, they should be mounted nosetuid or noexec, > and if you really need it not mounted noexec, then we should provide an > include of non-local fs's... I was thinking of an active attacker on the network, in which case it doesn't matter if you have control over the server or not. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050114140122.GC8477>