From owner-freebsd-isp  Sun Jun  7 11:53:26 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA17616
          for freebsd-isp-outgoing; Sun, 7 Jun 1998 11:53:26 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from marta.arcom.spb.su (marta.arcom.spb.su [195.190.100.18])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA17586
          for <isp@FreeBSD.ORG>; Sun, 7 Jun 1998 11:53:12 -0700 (PDT)
          (envelope-from snar@marta.arcom.spb.su)
Received: (from snar@localhost)
	by marta.arcom.spb.su (8.8.8/t/97-Mar-14) id WAA12188;
	Sun, 7 Jun 1998 22:49:19 +0400 (MSD)
Message-ID: <19980607224919.20498@nevalink.ru>
Date: Sun, 7 Jun 1998 22:49:19 +0400
From: Alexandre Snarskii <snar@paranoia.ru>
To: Palle Girgensohn <girgen@partitur.se>,
        Wm Brian McCane <root@bmccane.maxbaud.net>
Cc: isp@FreeBSD.ORG
Subject: Re: nightly security run
References: <Pine.BSF.3.96.980607113818.4455A-100000@bmccane.maxbaud.net> <357AD97B.43A50C2E@partitur.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89i
In-Reply-To: <357AD97B.43A50C2E@partitur.se>; from Palle Girgensohn on Sun, Jun 07, 1998 at 08:18:35PM +0200
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Jun 07, 1998 at 08:18:35PM +0200, Palle Girgensohn wrote:
> Hello Brian,
> 
> Check out /etc/security. In there, there is a code snippet thar runs the
> find command:
> 
> MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print
> $3 }'`
> set $MP
> while test $# -ge 1; do
> 	mount=$1
> 	shift
> 	find $mount -xdev -type f \
> 		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
> 		\( -perm -u+s -or -perm -g+s \)  -print0
> done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
> 
> 
> I suggest adding | grep -v "mount point of news..." to the first line if
> you have news on it's own partition, which I suppose you do, considering
> the size... :)
> I guess there are a bunch of ways to do it.

More easiest way is to mark newsspool mountpoint as nosuid, as newsspool 
should be anyway (noexec and nodev can be used too - if you dont expect
executable articles in alt/2600 :) )  :) 

-- 
Alexandre Snarskii
the source code is included

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message