From owner-freebsd-security  Tue Jun 25 03:43:06 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id DAA13106
          for security-outgoing; Tue, 25 Jun 1996 03:43:06 -0700 (PDT)
Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id DAA13097
          for <security@FreeBSD.org>; Tue, 25 Jun 1996 03:43:01 -0700 (PDT)
Received: from campa.panke.de (anonymous218.ppp.cs.tu-berlin.de [130.149.17.218]) by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id MAA26333; Tue, 25 Jun 1996 12:15:11 +0200
Received: (from wosch@localhost) by campa.panke.de (8.6.12/8.6.12) id MAA00691; Tue, 25 Jun 1996 12:01:29 +0200
Date: Tue, 25 Jun 1996 12:01:29 +0200
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
Message-Id: <199606251001.MAA00691@campa.panke.de>
To: Matthew Jason White <mwhite+@CMU.EDU>
Cc: security@FreeBSD.org, Chad Shackley <chad@mercury.gaianet.net>,
        jbhunt <jbhunt@mercury.gaianet.net>
Subject: Re: I need help on this one - please help me track this guy down!
In-Reply-To: <0lnmnpy00YUp8Ea2EM@andrew.cmu.edu>
References: <Pine.BSF.3.91.960624165238.21697L-100000@mercury.gaianet.net>
	<0lnmnpy00YUp8Ea2EM@andrew.cmu.edu>
Reply-to: Wolfram Schneider <wosch@cs.tu-berlin.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Matthew Jason White writes:
>You probably want to change the security script so that it points out
>ALL suid programs in /usr/home, /tmp, /var/tmp and /usr/tmp, or any

If you have a separate partition for /usr/home, /tmp etc. use mount
with option nosuid.

Wolfram