From owner-freebsd-security Thu Mar 28 4:40:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id C6C7E37B41C for ; Thu, 28 Mar 2002 04:40:40 -0800 (PST) Received: (qmail 64362 invoked by uid 1000); 28 Mar 2002 12:40:40 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 28 Mar 2002 12:40:40 -0000 Date: Thu, 28 Mar 2002 04:40:31 -0800 (PST) From: Jason Stone X-X-Sender: To: Subject: make world and setuid bits In-Reply-To: <20020328131303.F98036-100000@axis.tdd.lt> Message-ID: <20020328043119.V5333-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are there make variables that can be set to prevent "make world" from installing binaries as setuid? Currently, I always run something like "find -perms -4000 | xargs chmod u-s" after doing a make world, but this seems inelegant, prone to human error, and dangerous as there's a (potentially quite long) period in which there are still many setuid binaries.... make options to allow the prevention of "setuid root", "all setuid", or "all setuid and all setgid" would be nice. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8ow9IswXMWWtptckRAkZYAJ9S6Cchf5Cz8rtqAkjjYTp/GBCvdQCfbYx6 L1AGZQV/R96Shfpl9C383Fc= =NwdP -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message