From owner-freebsd-hackers  Mon Jun  4 17:12:14 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id 496DD37B401
	for <hackers@FreeBSD.ORG>; Mon,  4 Jun 2001 17:12:10 -0700 (PDT)
	(envelope-from kway@overtone.org)
Received: from bean.overtone.org (user-2inimal.dialup.mindspring.com [165.121.89.85])
	by falcon.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id RAA13996;
	Mon, 4 Jun 2001 17:08:36 -0700 (PDT)
Received: by bean.overtone.org (Postfix, from userid 1001)
	id BD734317F; Mon,  4 Jun 2001 20:08:28 -0400 (EDT)
Date: Mon, 4 Jun 2001 20:08:28 -0400
From: Kevin Way <kevin.way@overtone.org>
To: Wilko Bulte <wkb@freebie.demon.nl>
Cc: hackers@FreeBSD.ORG
Subject: Re: speeding up /etc/security
Message-ID: <20010604200828.A41130@bean.overtone.org>
References: <p05100300b741879b7bc3@[192.168.168.205]> <Pine.LNX.4.21.0106041205070.3177-100000@zeppo.feral.com> <20010604211909.B1112@freebie.demon.nl>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="vkogqOf2sHV7VnPd"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010604211909.B1112@freebie.demon.nl>; from wkb@freebie.demon.nl on Mon, Jun 04, 2001 at 09:19:09PM +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


--vkogqOf2sHV7VnPd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> Does /etc/security take filesystem mounted with:
>=20
>  nosuid  Do not allow set-user-identifier or set-group-identifier
>          bits to take effect.  Note: this option is worthless if a
>          public available suid or sgid wrapper like suidperl(1)
>          is installed on your system.
>=20
> into account? If so, and the filesystems have nothing on them that
> needs suid you could mount 'm this way

The answer there is 'sort of'.  /etc/security checks all ufs partitions
that aren't marked nosuid.  if you're using anything other than UFS
(e.g. MFS,ext2,whatever), it's not getting checked at all.

Kevin Way

--vkogqOf2sHV7VnPd
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7HCL8KxA01iDoLN4RAp9iAKC8iY8ntiS/MNS71qEFLPim0KLTyACdG/wO
GexMs5Y/r4IxSYaAy4RN2p0=
=gKsn
-----END PGP SIGNATURE-----

--vkogqOf2sHV7VnPd--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message