From owner-freebsd-security Mon Mar 15 4:47:28 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 2CF73154C3 for ; Mon, 15 Mar 1999 04:47:25 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar) Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id JAA01091; Mon, 15 Mar 1999 09:41:29 -0300 (GMT) From: Fernando Schapachnik Message-Id: <199903151241.JAA01091@ns1.sminter.com.ar> Subject: Re: ACLs In-Reply-To: <199903140826.AAA89058@apollo.backplane.com> from Matthew Dillon at "Mar 14, 99 00:26:45 am" To: dillon@apollo.backplane.com (Matthew Dillon) Date: Mon, 15 Mar 1999 09:41:29 -0300 (GMT) Cc: dscheidt@enteract.com, unicorn@blackhats.org, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Matthew Dillon escribió: [...] > If you have your machine partitioned correctly, you do not generally > have to worry about hardlinks to system binaries ( suid or otherwise ) > as users do not have access to partitions containing them. This leads me to a question: Why not set the default (auto) file system layout to something like: / /usr /var /home /tmp This not only restrict linking problems, but also allows to specify things like noexec and nosuid on /home and /tmp at least. Regards. Fernando P. Schapachnik Administracion de la red VIA Net Works Argentina SA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message