From owner-freebsd-chat Thu Feb 27 14:24:51 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA21850 for chat-outgoing; Thu, 27 Feb 1997 14:24:51 -0800 (PST)
Received: from narcissus.ml.org (root@brosenga.Pitzer.edu [134.173.120.201]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA21845 for ; Thu, 27 Feb 1997 14:24:49 -0800 (PST)
Received: from localhost (ben@localhost) by narcissus.ml.org (8.7.5/8.7.3) with SMTP id OAA13374; Thu, 27 Feb 1997 14:22:55 -0800 (PST)
Date: Thu, 27 Feb 1997 14:22:55 -0800 (PST)
From: Snob Art Genre
To: David Nugent
cc: Thomas Gellekum , Joe Greco , chat@freebsd.org
Subject: Re: disallow setuid root shells?
In-Reply-To: <19970228024334.05133@usn.blaze.net.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 28 Feb 1997, David Nugent wrote:

> On Feb 02, 1997 at 02:46:31PM, Thomas Gellekum wrote:
> > Joe Greco wrote:
> > > (/home should
> > > be at least mounted nodev,nosuid as it may be legit for users to have
> > > executables and shell scripts).
> >
> > You can't be serious.
>
> ??
>
> If you give them a shell account, that's what they get. Many
> of our shell users have their own scripts, whether to grep the
> http log to do statistical analysis of accesses to their home
> pages, or do some check or other, such as seeing whether
> they're on line, or mailing themselves, account statistics..
> any number of things.

I must second this -- I have a small constellation of simple shell
scripts that I bring with me wherever I go, to make my life easier. I
would certainly be offended if an ISP mounted the FS containing my ~
noexec, at least if they didn't warn me before I signed up for the
account.

> I'd feel somewhat cheated if I couldn't do this where I'd paid
> good money for a shell account. Besides which, even if the home
> partition is noexec, it is easy enough to run your own scripts
> regardless, so it isn't any more "secure".
>
> Regards,
>
> David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
> Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet
> davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
>

Ben

"You have your mind on computers, it seems."