Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Mar 2002 18:29:41 -0800
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To:        Jason Stone <jason-fbsd-security@shalott.net>
Cc:        <security@FreeBSD.ORG>
Subject:   Re: make world and setuid bits
Message-ID:  <15523.53653.441767.36231@horsey.gshapiro.net>
In-Reply-To: <20020328161518.R5333-100000@walter>
References:  <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter>

next in thread | previous in thread | raw e-mail | index | archive | help
>> > Are there make variables that can be set to prevent "make world" from
>> > installing binaries as setuid?

An alternative is to let buildworld (and any other ports) install things
properly but mount all of your file systems `nosuid'.  I do this on
partitions that shouldn't have set-user-ID binaries anyway:

/dev/ad0s1a	/	ufs	rw,userquota,groupquota			1 1
/dev/ad0s1b	none	swap	sw					0 0
/dev/ad0s1e	/var	ufs	rw,userquota,groupquota,nodev,nosuid	2 2
/dev/ad0s1f	/tmp	ufs	rw,userquota,groupquota,nodev,nosuid	0 2
/dev/ad0s1g	/usr	ufs	rw,userquota,groupquota,nodev		2 2
/dev/ad0s1h	/home	ufs	rw,userquota,groupquota,nodev,nosuid	2 2
/dev/cd0c	/cdrom	cd9660	ro,noauto,nodev,nosuid			0 0
proc		/proc	procfs	rw					0 0

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15523.53653.441767.36231>