From owner-freebsd-chat Thu Feb 27 07:44:14 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA02869 for chat-outgoing; Thu, 27 Feb 1997 07:44:14 -0800 (PST)
Received: from labs.usn.blaze.net.au (labs.usn.blaze.net.au [203.17.53.30]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA02840 for ; Thu, 27 Feb 1997 07:44:00 -0800 (PST)
Received: (from davidn@localhost) by labs.usn.blaze.net.au (8.8.5/8.8.5) id CAA00320; Fri, 28 Feb 1997 02:43:35 +1100 (EST)
Message-ID: <19970228024334.05133@usn.blaze.net.au>
Date: Fri, 28 Feb 1997 02:43:34 +1100
From: David Nugent
To: Thomas Gellekum
Cc: Joe Greco , chat@freebsd.org
Subject: Re: disallow setuid root shells?
References: <199702271255.GAA22830@solaria.sol.net> <199702271346.OAA12541@ghpc6.ihf.rwth-aachen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.61
In-Reply-To: <199702271346.OAA12541@ghpc6.ihf.rwth-aachen.de>; from Thomas Gellekum on Feb 02, 1997 at 02:46:31PM
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Feb 02, 1997 at 02:46:31PM, Thomas Gellekum wrote:
> Joe Greco wrote:
> > (/home should
> > be at least mounted nodev,nosuid as it may be legit for users to have
> > executables and shell scripts).
>
> You can't be serious.

?? If you give them a shell account, that's what they get. Many
of our shell users have their own scripts, whether to grep the
http log to do statistical analysis of accesses to their home
pages, or do some check or other, such as seeing whether they're
on line, or mailing themselves, account statistics.. any number
of things.

I'd feel somewhat cheated if I couldn't do this where I'd paid
good money for a shell account.

Besides which, even if the home partition is noexec, it is easy
enough to run your own scripts regardless, so it isn't any more
"secure".

Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet
davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/