From owner-freebsd-questions@FreeBSD.ORG Mon Feb 13 15:21:56 2006
From: Lowell Gilbert
To: Alex Renn
Cc: freebsd-questions@freebsd.org
Subject: Re: Re[2]: CD installation and file flags
Date: 13 Feb 2006 10:21:47 -0500
Message-ID: <44slqnl1x0.fsf@be-well.ilk.org>
In-Reply-To: <597571270.20060212133505@TXnet.com>
References: <358523811.20060209192506@TXnet.com> <44y80jyreb.fsf@be-well.ilk.org> <597571270.20060212133505@TXnet.com>

Alex Renn writes:

> Hello Lowell Gilbert!

Hello!
[Don't top-post, please.]

> SUID/SGID files in my default installation do not have any flags set:
>
> $ uname -a
> FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
> $ ls -alo `which su`
> -r-sr-xr-x 1 root wheel - 11992 Nov 3 08:11 /usr/bin/su
>
> That's why I'm asking about this.
> I think there should be some flags set by default.

Hmm, yes. The distribution tar files don't seem to have flags set.
The tar documentation claims that it can handle file flags, but I've
never tried it (the Gnu tar, which FreeBSD used until fairly recently,
does not). From a quick look, the missing flags seem to be an
artifact of the packaging process.

Sorry about missing that earlier; flags are set on suid files by the
source build/install process, and I haven't done a new install in a
long time.

If you source-upgrade the system, you'll get the flags set. However,
if you are interested in this as a security measure, I recommend
setting up your own mtree(1) specification to set the flags that *you*
want. That will also allow you to use that same specification to
check that the flags have remained the way you want them set.

Good luck.
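
One way to follow the mtree(1) suggestion above, as an added example that is not part of the original message: the script turns a list of setuid/setgid files into a hierarchical mtree spec that pins a chosen flag, then applies it and later re-checks it. The spec path, the `schg` default and all function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the flag you want is
# schg and the spec lives in /etc/mtree/suid.spec; both are illustrative.
SPEC=${SPEC:-/etc/mtree/suid.spec}
FLAGS=${FLAGS:-schg}

# Read absolute file paths on stdin and print a hierarchical mtree spec
# that pins flags=$1 on each of them. Names with whitespace are not handled.
paths_to_spec() {
    LC_ALL=C sort -u | awk -v flags="${1:-schg}" '
    function pad(n,  s) { s = ""; while (n-- > 0) s = s "    "; return s }
    BEGIN { print "#mtree"; print ". type=dir"; depth = 0 }
    {
        n = split(substr($0, 2), part, "/")      # drop the leading "/"
        # Length of the directory prefix shared with the previous path.
        for (same = 0; same < depth && same < n - 1; same++)
            if (dir[same + 1] != part[same + 1]) break
        while (depth > same) { print pad(depth) ".."; depth-- }  # leave dirs
        while (depth < n - 1) {                                  # enter dirs
            depth++
            dir[depth] = part[depth]
            print pad(depth) dir[depth] " type=dir"
        }
        print pad(depth + 1) part[n] " type=file flags=" flags
    }
    END { while (depth > 0) { print pad(depth) ".."; depth-- } print ".." }'
}

# Record every setuid/setgid file under the given directories,
# e.g. build_spec /bin /sbin /usr
build_spec() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -print |
        paths_to_spec "$FLAGS" > "$SPEC"
}

# Set the flags named in the spec (run as root). -e keeps mtree quiet
# about files on disk that the spec does not list.
apply_spec() { mtree -e -U -f "$SPEC" -p /; }

# Later: report drift. mtree exits 2 when the tree no longer matches.
check_spec() { mtree -e -f "$SPEC" -p /; }
```

Review the generated spec before running `apply_spec`, since it is the place to choose different flags per file; `check_spec` can then run periodically against the same file.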