Date: Thu, 13 Jan 2005 10:49:14 -0800 (PST)
From: Don Lewis
To: ceri@submonkey.net
cc: cvs-src@FreeBSD.org, glebius@FreeBSD.org, cvs-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: cvs commit: src/etc/periodic/security 100.chksetuid
Message-Id: <200501131849.j0DInEEE029957@gw.catspoiler.org>
In-Reply-To: <20050113153228.GG49329@submonkey.net>

On 13 Jan, Ceri Davies wrote:
> On Thu, Jan 13, 2005 at 06:28:26PM +0300, Gleb Smirnoff wrote:
>> On Thu, Jan 13, 2005 at 03:24:30PM +0000, Ceri Davies wrote:
>> C> Umm, why not? If setuid binaries appear anywhere on my system then I'd
>> C> like to continue to be told so that I can be confident of where they
>> C> came from. I don't care if they pose an immediate threat or not.
>>
>> In this case "grep -v nosuid" must be removed, too, to be consistent.
>>
>> P.S. We have "grep -v nosuid" from the very beginning.
>
> Hmm. I retract my objection then, whilst retaining my reservations.

I did something like this locally way back in the 2.1.x days. Running suid checks on the news spool, the squid cache, the CD-ROM changer (causing it to sometimes lock up), and a bunch of NFS clients simultaneously doing suid checks on the same NFS server got to be a drag.