Date: Thu, 27 Feb 1997 14:22:55 -0800 (PST) From: Snob Art Genre <ben@narcissus.ml.org> To: David Nugent <davidn@labs.usn.blaze.net.au> Cc: Thomas Gellekum <thomas@ghpc8.ihf.rwth-aachen.de>, Joe Greco <jgreco@solaria.sol.net>, chat@freebsd.org Subject: Re: disallow setuid root shells? Message-ID: <Pine.NEB.3.95.970227142136.13222J-100000@narcissus.ml.org> In-Reply-To: <19970228024334.05133@usn.blaze.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Feb 1997, David Nugent wrote: > On Feb 02, 1997 at 02:46:31PM, Thomas Gellekum wrote: > > Joe Greco wrote: > > > (/home should > > > be at least mounted nodev,nosuid as it may be legit for users to have > > > executables and shell scripts). > > > > You can't be serious. > > ?? > > If you give them a shell account, that's what they get. Many > of our shell users have their own scripts, whether to grep the > http log to do statistical analysis of accesses to their home > pages, or do some check or other, such as seeing whether > they're on line, or mailing themselves, account statistics.. > any number of things. I must second this -- I have a small constellation of simple shell scripts that I bring with me wherever I go, to make my life easier. I would certainly be offended if an ISP mounted the FS containing my ~ noexec, at least if they didn't warn me before I signed up for the account. > I'd feel somewhat cheated if I couldn't do this where I'd paid > good money for a shell account. Besides which, even if the home > partition is noexec, it is easy enough to run your own scripts > regardless, so it isn't any more "secure". > > Regards, > > David Nugent - Unique Computing Pty Ltd - Melbourne, Australia > Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet > davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/ > Ben "You have your mind on computers, it seems."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.970227142136.13222J-100000>