From owner-freebsd-security  Thu Jul 12 12: 6:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from foghorn.strategicit.net (exchange.strategicit.net [207.17.172.204])
	by hub.freebsd.org (Postfix) with ESMTP id 36D5937B401
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 12:06:18 -0700 (PDT)
	(envelope-from JPortwood@strategicit.net)
Received: by exchange.strategicit.net with Internet Mail Service (5.5.2650.21)
	id <3TMQKH8R>; Thu, 12 Jul 2001 15:08:33 -0400
Message-ID: <6381A6A8826BD31199500090279CAFBA2BD50E@exchange.strategicit.net>
From: "Portwood, Jason" <JPortwood@strategicit.net>
To: "'security@FreeBSD.ORG'" <security@FreeBSD.ORG>
Subject: RE: FreeBSD 4.3 local root PREVENTIONS
Date: Thu, 12 Jul 2001 15:08:31 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> 
> 
> So simple things like going into all the folders and chmod'n 
> things is a very good idea for a lil extra security.
> 
> along with copying /bin/sh to /tmp/
> and chmod 0 /tmp/sh
> 

Wouldn't it be a better practice to just mount all the partitions that don't
need suid as nosuid?  Just off the top of my head those candidates would
be  

/tmp
/home
/var

Is there a good reason for not doing this?

Jason Portwood  
jason@iac.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message