Date: Thu, 27 Feb 97 6:55:03 CST
From: Joe Greco <jgreco@solaria.sol.net>
To: adrian@obiwan.aceonline.com.au (Adrian Chadd)
Cc: joerg_wunsch@uriah.heep.sax.de, adrian@cougar.aceonline.com.au, marcs@znep.com, hackers@FreeBSD.ORG, auditors@FreeBSD.ORG
Subject: Re: disallow setuid root shells?
Message-ID: <199702271255.GAA22830@solaria.sol.net>
In-Reply-To: <Pine.BSF.3.95q.960111011311.7014A-100000@obiwan.aceonline.com.au> from "Adrian Chadd" at Jan 11, 96 01:18:18 am

> For the record, I'm mounting /usr/home, /tmp, /var/spool/mail (and anything
> else they have r/w access to) as non-executable, making internal exploits
> run on the local box nearly impossible to run (any ideas how you could
> overflow something in perl / *sh ? :)

This, incidentally, is a pretty good strategy. Filesystems where there
shouldn't be executables should be mounted nodev,noexec,nosuid (/home
should be at least mounted nodev,nosuid as it may be legit for users to
have executables and shell scripts). Included, I think, should be all of
/var - not just var/spool/mail.

I don't (yet) do this myself, but am thinking of it as I have yet to see
a reason not to do it.

Maybe it could become "standard"...? Comments?

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                          jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                      414/342-4847

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702271255.GAA22830>
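
An added example, not part of the original message or of FreeBSD: a small auditor that checks fstab text against the mount options discussed above. The POLICY table, the function names and the sample fstab are assumptions constructed for illustration; a path with no filesystem of its own is checked against the mount that actually contains it.

```python
# Added example: audit fstab text for the nodev/noexec/nosuid policy above.
# POLICY and SAMPLE_FSTAB are constructed for illustration, not real data.

POLICY = {
    "/tmp": {"nodev", "noexec", "nosuid"},
    "/var": {"nodev", "noexec", "nosuid"},
    "/var/spool/mail": {"nodev", "noexec", "nosuid"},
    "/usr/home": {"nodev", "nosuid"},  # users may keep executables here
}

SAMPLE_FSTAB = """\
# Device     Mountpoint  FStype  Options          Dump  Pass#
/dev/sd0a    /           ufs     rw               1     1
/dev/sd0b    none        swap    sw               0     0
/dev/sd0s1d  /usr        ufs     rw               2     2
/dev/sd0s1e  /var        ufs     rw,nosuid        2     2
/dev/sd0s1f  /usr/home   ufs     rw,nodev,nosuid  2     2
"""

def parse_fstab(text):
    """Return {mountpoint: set(options)}, skipping comments and short lines."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def governing_mount(path, mounts):
    """Longest mount point that equals path or is one of its ancestors."""
    hits = [mp for mp in mounts
            if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def audit(text, policy=POLICY):
    """Return {path: (governing mount, sorted missing options)}."""
    mounts = parse_fstab(text)
    findings = {}
    for path, required in policy.items():
        mp = governing_mount(path, mounts)
        if mp is None:
            continue
        missing = required - mounts[mp]
        if missing:
            findings[path] = (mp, sorted(missing))
    return findings

if __name__ == "__main__":
    for path, (mp, missing) in sorted(audit(SAMPLE_FSTAB).items()):
        print(f"{path}: on {mp}, missing {','.join(missing)}")
```

A finding whose governing mount is / (here /tmp) means the directory has no filesystem of its own, so the options cannot be applied to it without restricting the root filesystem as well.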