Date: Thu, 25 Apr 2002 05:17:05 +0200
From: Johan Karlsson <k@numeri.campus.luth.se>
To: freebsd-arch@freebsd.org
Subject: Re: NOSUID and NOSUID_prog make knobs
Message-ID: <20020425051705.C73613@numeri.campus.luth.se>
In-Reply-To: <20020424191717.A35128@dragon.nuxi.com>; from dev-null@NUXI.com on Wed, Apr 24, 2002 at 07:17:17PM -0700
References: <20020425035353.A73613@numeri.campus.luth.se> <20020424191717.A35128@dragon.nuxi.com>

In the discussion on -security I got the impression that the
granularity is wanted.

There are currently 29 suid and 14 sgid bits set in Makefiles
that would be affected by this. Some of them make sense to group
together, e.g. lpr, ping, etc.

I think it just makes more sense to provide all of them (some grouped)
than to only have 1 knob for all of them.

/Johan K

On Wed, Apr 24, 2002 at 19:17 (-0700) +0000, David O'Brien wrote:
> On Thu, Apr 25, 2002 at 03:53:53AM +0200, Johan Karlsson wrote:
> > Basically it protects the BINMODE assignment in the Makefile with
> > .if !defined(NOSUID) && !defined(NOSUID_prog)
> ...
> > +# To avoid installing various parts with the setuid/setgid bit turned on
> > +#
> > +#NOSUID= true # no setuid bit for any of the below
>
> Either do them all, or none. This flag per binary does not scale, nor do
> I see any significant portion of our userbase utilizing the granularity.

--
Johan Karlsson mailto:k@numeri.campus.luth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
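
Review bot: The inline comment on the `+#NOSUID= true` line says "no setuid bit", while the header comment two lines above it says "setuid/setgid bit". The documentation should state in one place whether defining NOSUID also drops the setgid bit, for example by changing the inline comment to "no setuid/setgid bit for any of the below", so an administrator reading only the knob line does not assume setgid binaries are still installed with the bit set. Since the guard shown is `!defined(NOSUID) && !defined(NOSUID_prog)`, it would also help to note next to the knob that any value, including "false", counts as defined.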