Date: Fri, 31 Aug 2007 19:01:08 GMT
From: Craig Rodrigues
To: freebsd-gnats-submit@FreeBSD.org
Subject: docs/115981: nodev mount option should be removed from documentation

>Number: 115981
>Category: docs
>Synopsis: nodev mount option should be removed from documentation
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 31 19:10:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Craig Rodrigues
>Release: FreeBSD CURRENT
>Organization:
>Environment:
>Description:
The "nodev" and "dev" mount options have been no-ops that have been silently ignored since FreeBSD 5, due to the introduction of devfs. In FreeBSD 7, if a user has these options in /etc/fstab, or does "mount -o nodev", it will result in a mount error, and that particular mount operation should fail.
>How-To-Repeat:
>Fix:
Remove all references to "nodev" mount option in documentation.

Patch attached with submission follows:

Index: articles/hubs/article.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/articles/hubs/article.sgml,v retrieving revision 1.64 diff -u -r1.64 article.sgml --- articles/hubs/article.sgml 30 Jun 2007 09:42:35 -0000 1.64 +++ articles/hubs/article.sgml 31 Aug 2007 18:57:09 -0000 
@@ -379,7 +379,7 @@ Here is an excerpt from /etc/fstab, how to set up such a MFS: -/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid,nodev 0 0 +/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid 0 0 This is (of course) tuned a lot, and was suggested by &a.jdp;. Index: books/handbook/basics/chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v retrieving revision 1.148 diff -u -r1.148 chapter.sgml --- books/handbook/basics/chapter.sgml 6 Jul 2007 07:29:55 -0000 1.148 +++ books/handbook/basics/chapter.sgml 31 Aug 2007 18:57:52 -0000 @@ -1630,15 +1630,6 @@ - nodev - - - Do not interpret special devices on the - file system. This is a useful security option. - - - - noexec Index: books/handbook/security/chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v retrieving revision 1.313 diff -u -r1.313 chapter.sgml --- books/handbook/security/chapter.sgml 5 Jul 2007 11:00:48 -0000 1.313 +++ books/handbook/security/chapter.sgml 31 Aug 2007 18:59:07 -0000 @@ -712,9 +712,8 @@ If you have a huge amount of user disk space, it may take too long to run through every file on those partitions. In this case, - setting mount flags to disallow suid binaries and devices on those - partitions is a good idea. The nodev and - nosuid options (see &man.mount.8;) are what you + setting mount flags to disallow suid binaries is a good idea. + The nosuid option (see &man.mount.8;) is what you want to look into. You should probably scan them anyway, at least once a week, since the object of this layer is to detect a break-in attempt, whether or not the attempt succeeds. >Release-Note: >Audit-Trail: >Unformatted:
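Review bot: In the articles/hubs/article.sgml hunk (@@ -379,7 +379,7 @@), the example fstab line loses nodev with no word to readers who already copied the old line; per the PR description such an entry makes the mount fail on FreeBSD 7. Suggest one sentence after the example telling mirror administrators to drop nodev from an existing /anoncvstmp entry.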
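Review bot: In the books/handbook/basics/chapter.sgml hunk (@@ -1630,15 +1630,6 @@), deleting the nodev entry outright leaves a reader who meets nodev in an older /etc/fstab with nothing to look up. Suggest keeping a short entry that says the option has been ignored since FreeBSD 5 because of devfs and causes a mount error in FreeBSD 7, in place of the removed "This is a useful security option" text.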
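Review bot: In the books/handbook/security/chapter.sgml hunk (@@ -712,9 +712,8 @@), the rewritten sentence "setting mount flags to disallow suid binaries is a good idea" drops "on those partitions" and keeps the plural "flags" although only nosuid remains. Suggest "setting the nosuid mount flag on those partitions is a good idea", so the advice still says where the flag applies.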
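A check an administrator could run before upgrading to FreeBSD 7, as an added example that is not part of the PR or its patch: it reports fstab entries whose options field carries the "nodev" or "dev" option named in the description, matching whole options only so that /dev/... device paths and devfs lines are not flagged. The function names find_dev_opts and sample_fstab are hypothetical and the sample fstab is constructed.

```shell
#!/bin/sh
# Added example: report fstab entries that still use the "nodev" or
# "dev" mount options. Only the fourth (options) field is inspected,
# and options are compared whole, so device paths such as /dev/ad0s1a
# and file systems of type devfs never match.

# find_dev_opts [FILE...]
# Reads fstab-format text from the named files (or stdin) and prints
# "<line-number>: <mountpoint>: <option>" for each offending option.
find_dev_opts() {
    awk '
        $1 ~ /^#/ { next }   # comment line
        NF < 4    { next }   # blank or incomplete entry
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "nodev" || opts[i] == "dev")
                    printf "%d: %s: %s\n", NR, $2, opts[i]
        }
    ' "$@"
}

# Constructed sample input (not taken from any real system).
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options                   Dump Pass
/dev/ad0s1a     /           ufs     rw                        1    1
/dev/ad0s1e     /home       ufs     rw,nosuid,nodev           2    2
/dev/da0s1b     /anoncvstmp mfs     rw,-s=786432,nosuid,nodev 0    0
devfs           /jail/dev   devfs   rw                        0    0
/dev/ad0s1f     /data       ufs     rw,dev                    2    2
EOF
}

sample_fstab | find_dev_opts
```

On a real system the call would be `find_dev_opts /etc/fstab`; an empty result means no entry needs editing.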