From owner-freebsd-hackers Thu Feb 27 05:01:53 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA24075 for hackers-outgoing; Thu, 27 Feb 1997 05:01:53 -0800 (PST)
Received: from anacreon.sol.net (anacreon.sol.net [206.55.64.116]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA23699; Thu, 27 Feb 1997 04:55:36 -0800 (PST)
Received: from solaria.sol.net (solaria.sol.net [206.55.65.75]) by anacreon.sol.net (8.8.5/8.6.12) with SMTP id GAA18291; Thu, 27 Feb 1997 06:55:06 -0600 (CST)
Received: from localhost by solaria.sol.net (8.5/8.5) id GAA22830; Thu, 27 Feb 1997 06:55:04 -0600
From: Joe Greco
Message-Id: <199702271255.GAA22830@solaria.sol.net>
Subject: Re: disallow setuid root shells?
To: adrian@obiwan.aceonline.com.au (Adrian Chadd)
Date: Thu, 27 Feb 97 6:55:03 CST
Cc: joerg_wunsch@uriah.heep.sax.de, adrian@cougar.aceonline.com.au, marcs@znep.com, hackers@FreeBSD.ORG, auditors@FreeBSD.ORG
In-Reply-To: from "Adrian Chadd" at Jan 11, 96 01:18:18 am
X-Mailer: ELM [version 2.4dev PL65]
MIME-Version: 1.0
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> For the record, I'm mounting /usr/home, /tmp, /var/spool/mail (and anything
> else they have r/w access to) as non-executable, making internal exploits
> run on the local box nearly impossible to run (any ideas how you could
> overflow something in perl / *sh ? :)

This, incidentally, is a pretty good strategy. Filesystems where there
shouldn't be executables should be mounted nodev,noexec,nosuid (/home should
be at least mounted nodev,nosuid as it may be legit for users to have
executables and shell scripts).

Included, I think, should be all of /var - not just /var/spool/mail.

I don't (yet) do this myself, but am thinking of it as I have yet to see a
reason not to do it. Maybe it could become "standard"...?

Comments?

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                          jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                      414/342-4847
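The mount policy discussed above (nodev,noexec,nosuid on /tmp and all of /var, nodev,nosuid on the home filesystem), as an added fstab audit script that is not part of the original mail. The fstab content and the required_opts policy table are constructed for illustration; on a real host feed it /etc/fstab and adjust the mount points.

```shell
#!/bin/sh
# Constructed sample fstab (not from a real system) used for a stand-alone run.
SAMPLE_FSTAB='# Device        Mountpoint      FStype  Options         Dump    Pass#
/dev/da0s1a     /               ufs     rw              1       1
/dev/da0s1d     /var            ufs     rw              2       2
/dev/da0s1e     /tmp            ufs     rw,nodev,nosuid 2       2
/dev/da0s1f     /usr/home       ufs     rw,nodev,nosuid 2       2
/dev/da0s1g     /usr            ufs     rw              2       2'

# required_opts MOUNTPOINT: print the options the policy demands for it.
# Home directories may legitimately hold user executables, so they only get
# nodev,nosuid; /tmp and everything under /var get nodev,noexec,nosuid.
required_opts() {
    case "$1" in
        /home|/usr/home)   echo "nodev,nosuid" ;;
        /tmp|/var|/var/*)  echo "nodev,noexec,nosuid" ;;
        *)                 echo "" ;;
    esac
}

# has_opt OPTIONS OPT: succeed if OPT appears in the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab: read fstab text on stdin and print "<mountpoint> missing <opt>"
# for every required option that is absent. Returns 0 only if nothing is missing.
audit_fstab() {
    status=0
    while read -r dev mnt fstype opts dump pass; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        want=$(required_opts "$mnt")
        [ -z "$want" ] && continue                  # mount point not covered by policy
        old_ifs=$IFS; IFS=,
        for o in $want; do
            has_opt "$opts" "$o" || { echo "$mnt missing $o"; status=1; }
        done
        IFS=$old_ifs
    done
    return $status
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab || echo "fstab does not satisfy the mount policy"
```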