From owner-freebsd-isp  Mon Jan 27 22:41:31 1997
Return-Path: <owner-isp>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id WAA23707
          for isp-outgoing; Mon, 27 Jan 1997 22:41:31 -0800 (PST)
Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA23697
          for <freebsd-isp@freebsd.org>; Mon, 27 Jan 1997 22:41:28 -0800 (PST)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
          by gatekeeper.tsc.tdk.com (8.8.4/8.8.4) with ESMTP
	  id WAA02926 for <freebsd-isp@freebsd.org>; Mon, 27 Jan 1997 22:41:27 -0800 (PST)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
          by sunrise.gv.tsc.tdk.com (8.8.4/8.8.4) with ESMTP
	  id WAA23997 for <freebsd-isp@freebsd.org>; Mon, 27 Jan 1997 22:41:24 -0800 (PST)
Received: (from gdonl@localhost)
          by salsa.gv.tsc.tdk.com (8.8.4/8.8.4)
	  id WAA19513 for freebsd-isp@freebsd.org; Mon, 27 Jan 1997 22:41:23 -0800 (PST)
Date: Mon, 27 Jan 1997 22:41:23 -0800 (PST)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Message-Id: <199701280641.WAA19513@salsa.gv.tsc.tdk.com>
To: freebsd-isp@freebsd.org
Subject: /etc/security on news servers
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

What are folks running news servers doing to keep /etc/security from
traversing their news spools?

It's too bad we don't have ncheck, but it looks to me like the next
best thing would be to skip any filesystems mounted "nodev", and either
"nosuid" or "noexec".

There's a similar problem with /usr/libexec/locate.updatedb that
/etc/weekly runs to rebuild the location database, and you probably don't
want to use the mount flags trick here.

			---  Truck