Date:      Mon, 4 Jun 2001 21:19:09 +0200
From:      Wilko Bulte <wkb@freebie.demon.nl>
To:        Matthew Jacob <mjacob@feral.com>
Cc:        Rich Morin <rdm@cfcl.com>, hackers@freebsd.org
Subject:   Re: speeding up /etc/security
Message-ID:  <20010604211909.B1112@freebie.demon.nl>
In-Reply-To: <Pine.LNX.4.21.0106041205070.3177-100000@zeppo.feral.com>; from mjacob@feral.com on Mon, Jun 04, 2001 at 12:07:19PM -0700
References:  <p05100300b741879b7bc3@[192.168.168.205]> <Pine.LNX.4.21.0106041205070.3177-100000@zeppo.feral.com>

On Mon, Jun 04, 2001 at 12:07:19PM -0700, Matthew Jacob wrote:

Does /etc/security take filesystems mounted with:

 nosuid  Do not allow set-user-identifier or set-group-identifier
         bits to take effect.  Note: this option is worthless if a
         public available suid or sgid wrapper like suidperl(1)
         is installed on your system.

into account? If so, and the filesystems have nothing on them that
needs suid, you could mount 'em this way.

Just a thought,

Wilko

> That's an interesting question.
> 
> A couple of ideas:
> 
> a) I wonder if RWatson's ACL stuff could help here?
> 
> b) This problem cries for a DMAPI type solution- you could have a daemon that
> monitors all creats/chmods and retains knowledge of the filenames for all
> SUID/SGID creats/chmods- this way /etc/security would simply summarize the
> current list and could be run any time.
> 
> > /etc/security takes a number of hours to run on my system.  The problem
> > is that I have some very large mounted file systems and the code to look
> > for setuid files wants to walk through them all.  I recoded the check in
> > Perl, but it ran at about the same speed.  I have considered reworking
> > the code to do the file systems in parallel, but I thought I should ask
> > here first.  Comments?  Suggestions?
> > 
> > -r
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

-- 
|   / o / /  _  	 Arnhem, The Netherlands    	email: wilko@freebsd.org
|/|/ / / /( (_) Bulte	 Powered by FreeBSD/[alpha,x86]	http://www.freebsd.org 	
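
The suggestion in this message, sketched as an added example that is not part of the original thread or of FreeBSD's /etc/security: pick only the filesystems where set-id bits can take effect and walk those for setuid/setgid files. It assumes mount(8) prints `<device> on <mountpoint> (<fstype>, <option>, ...)`; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the assumed mount(8) output format:
#   <device> on <mountpoint> (<fstype>, <option>, ...)
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /usr (ufs, local, soft-updates)
/dev/da0s1e on /archive (ufs, local, nosuid)
/dev/da1s1e on /scratch (ufs, local, noexec, nosuid)
fileserver:/export on /mnt/nfs (nfs)
procfs on /proc (procfs, local)'

# Read mount output on stdin; print the mount points of ufs filesystems
# that are NOT mounted nosuid, i.e. where a set-id bit can take effect.
suid_capable_mounts() {
    awk '
    match($0, / \([^()]*\)$/) {
        opts = substr($0, RSTART + 2, RLENGTH - 3)   # text inside ( )
        head = substr($0, 1, RSTART - 1)             # "<dev> on <mountpoint>"
        at = index(head, " on ")
        if (at == 0) next
        n = split(opts, o, /, */)
        if (o[1] != "ufs") next                      # local disk filesystems only
        for (i = 2; i <= n; i++) if (o[i] == "nosuid") next
        print substr(head, at + 4)
    }'
}

# Walk one filesystem without crossing mount points (-xdev) and list
# regular files carrying the setuid (4000) or setgid (2000) bit.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

if [ "${1:-}" = "--scan" ]; then
    # Real run: nosuid filesystems are never walked.
    mount | suid_capable_mounts | while IFS= read -r mp; do
        list_setid_files "$mp"
    done
else
    # Default: show which mount points of the constructed sample would be scanned.
    printf '%s\n' "$SAMPLE_MOUNT" | suid_capable_mounts
fi
```

Skipping a nosuid filesystem is only sound under the condition in the quoted mount(8) text: no publicly available suid or sgid wrapper such as suidperl(1) is installed.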
