Date: Mon, 28 Mar 2005 13:47:40 -0800 (PST)
From: Don Lewis <truckman@FreeBSD.org>
To: anderson@centtech.com
Cc: freebsd-current@FreeBSD.org
Subject: Re: Periodic security find pruning
Message-ID: <200503282147.j2SLlejM095564@gw.catspoiler.org>
In-Reply-To: <4248705B.3070804@centtech.com>

On 28 Mar, Eric Anderson wrote:
> Don Lewis wrote:
>
>> Why not just mount these partitions nosuid?  That will cause them to be
>> automagically skipped by the setuid security scan, and will prevent
>> the setuid bit of any executables that happen to be backed up there from
>> being honored.
>
> Because then I cannot create suid files, which means I cannot back them up..

Are you sure about that?

% df .
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s2f  11811982 6125698 4741326    56%    /home
% mount | grep home
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
% touch foo
% ls -l foo
-rw-r--r--  1 dl  dl  0 Mar 28 13:45 foo
% chmod 4755 foo
% ls -l foo
-rwsr-xr-x  1 dl  dl  0 Mar 28 13:45 foo
% uname -sr
FreeBSD 6.0-CURRENT
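The two behaviours discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD's periodic script: deciding from mount(8) output which filesystems a setuid scan would skip because they are mounted nosuid, and listing the setuid files that are still stored on such a volume. The function names are hypothetical, and the sample mount lines are constructed except for the /home line, which is taken from the session above.

```shell
#!/bin/sh
# Added example. Assumes mount(8) lines of the form
#   <device> on <mountpoint> (<opt>, <opt>, ...)
# with no whitespace in the mount point.

# classify_mounts: read mount output on stdin and print "skip <mountpoint>"
# for filesystems mounted nosuid, "scan <mountpoint>" for all others.
classify_mounts() {
    awk '
    {
        # The options are the parenthesised, comma-separated list.
        opts = $0
        sub(/^[^(]*\(/, "", opts)
        sub(/\).*$/, "", opts)
        n = split(opts, o, /, */)
        verdict = "scan"
        for (i = 1; i <= n; i++)
            if (o[i] == "nosuid")
                verdict = "skip"
        print verdict, $3
    }'
}

# list_setuid: print regular files under directory $1 that carry the setuid
# bit, without crossing into other filesystems. On a nosuid mount the bit is
# stored in the inode (so a backup copy keeps it) but is not honored at exec.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print
}

# Constructed sample input; only the /home line comes from the message.
SAMPLE_MOUNT='/dev/ad0s2a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
/dev/ad0s2e on /backup (ufs, local, nosuid)'

printf '%s\n' "$SAMPLE_MOUNT" | classify_mounts
```

On a live system, `mount | classify_mounts` gives the same report, and `list_setuid /home` shows which stored files would regain setuid behaviour if restored to a filesystem mounted without nosuid.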