From: Don Lewis
To: anderson@centtech.com
cc: freebsd-current@FreeBSD.org
Subject: Re: Periodic security find pruning
Date: Mon, 28 Mar 2005 13:47:40 -0800 (PST)
Message-Id: <200503282147.j2SLlejM095564@gw.catspoiler.org>
In-Reply-To: <4248705B.3070804@centtech.com>

On 28 Mar, Eric Anderson wrote:
> Don Lewis wrote:
>
>> Why not just mount these partitions nosuid?  That will cause them to be
>> automagically skipped by the setuid security scan, and will prevent
>> the setuid bit of any executables that happen to be backed up there from
>> being honored.
>
> Because then I cannot create suid files, which means I cannot back them up..

Are you sure about that?

% df .
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s2f  11811982 6125698 4741326    56%    /home
% mount | grep home
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
% touch foo
% ls -l foo
-rw-r--r--  1 dl  dl  0 Mar 28 13:45 foo
% chmod 4755 foo
% ls -l foo
-rwsr-xr-x  1 dl  dl  0 Mar 28 13:45 foo
% uname -sr
FreeBSD 6.0-CURRENT
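
Added example, not part of the original message and not the periodic script's own code: a sketch of the selection the message describes, picking scan targets from `mount` output so that nosuid filesystems are skipped, then listing setuid/setgid files on the rest. The function names and the sample lines are assumptions; only the /home line is taken from the session above, and skipping noexec as well is a choice made here.

```sh
#!/bin/sh
# Constructed sample of FreeBSD-style `mount` output ("dev on /mnt (opts)").
SAMPLE_MOUNT='/dev/ad0s2a on / (ufs, local)
/dev/ad0s2d on /usr (ufs, local, soft-updates)
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
/dev/ad0s2e on /tmp (ufs, local, noexec, nosuid, soft-updates)'

# Read mount output on stdin; print the mount points whose option list
# contains neither nosuid nor noexec. A setuid bit stored on the skipped
# filesystems is not honored, so they are left out of the scan.
scan_targets() {
    awk '
    {
        # Locate the trailing " (opt, opt, ...)" group.
        if (match($0, / \([^()]*\)$/) == 0) next
        opts = substr($0, RSTART + 2, RLENGTH - 3)
        head = substr($0, 1, RSTART - 1)      # "dev on /mount/point"
        at = index(head, " on ")
        if (at == 0) next
        mp = substr(head, at + 4)             # keeps spaces in the path
        n = split(opts, o, /, */)
        skip = 0
        # Compare whole option names so "nosuid" never matches a substring.
        for (i = 1; i <= n; i++)
            if (o[i] == "nosuid" || o[i] == "noexec") skip = 1
        if (!skip) print mp
    }'
}

# Read mount points on stdin; list regular files with the setuid or setgid
# bit set, staying on each filesystem (-xdev) so a nosuid filesystem mounted
# underneath a scanned one is not walked.
list_setid() {
    while IFS= read -r mp; do
        find "$mp" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done
}

# Typical use on a live system:
#   mount -t ufs | scan_targets | list_setid
```

Pointing list_setid directly at a nosuid mount such as /home still reports files like the `foo` created above, since the mode bit is stored even though it is not honored.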