Date: Fri, 28 Feb 1997 02:43:34 +1100 From: David Nugent <davidn@labs.usn.blaze.net.au> To: Thomas Gellekum <thomas@ghpc8.ihf.rwth-aachen.de> Cc: Joe Greco <jgreco@solaria.sol.net>, chat@freebsd.org Subject: Re: disallow setuid root shells? Message-ID: <19970228024334.05133@usn.blaze.net.au> In-Reply-To: <199702271346.OAA12541@ghpc6.ihf.rwth-aachen.de>; from Thomas Gellekum on Feb 02, 1997 at 02:46:31PM References: <199702271255.GAA22830@solaria.sol.net> <199702271346.OAA12541@ghpc6.ihf.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 02, 1997 at 02:46:31PM, Thomas Gellekum wrote: > Joe Greco wrote: > > (/home should > > be at least mounted nodev,nosuid as it may be legit for users to have > > executables and shell scripts). > > You can't be serious. ?? If you give them a shell account, that's what they get. Many of our shell users have their own scripts, whether to grep the http log to do statistical analysis of accesses to their home pages, or do some check or other, such as seeing whether they're on line, or mailing themselves, account statistics.. any number of things. I'd feel somewhat cheated if I couldn't do this where I'd paid good money for a shell account. Besides which, even if the home partition is noexec, it is easy enough to run your own scripts regardless, so it isn't any more "secure". Regards, David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970228024334.05133>