Date: Thu, 28 Mar 2002 18:29:41 -0800 From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> To: Jason Stone <jason-fbsd-security@shalott.net> Cc: <security@FreeBSD.ORG> Subject: Re: make world and setuid bits Message-ID: <15523.53653.441767.36231@horsey.gshapiro.net> In-Reply-To: <20020328161518.R5333-100000@walter> References: <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter>
next in thread | previous in thread | raw e-mail | index | archive | help
>> > Are there make variables that can be set to prevent "make world" from >> > installing binaries as setuid? An alternative is to let buildworld (and any other ports) install things properly but mount all of your file systems `nosuid'. I do this on partitions that shouldn't have set-user-ID binaries anyway: /dev/ad0s1a / ufs rw,userquota,groupquota 1 1 /dev/ad0s1b none swap sw 0 0 /dev/ad0s1e /var ufs rw,userquota,groupquota,nodev,nosuid 2 2 /dev/ad0s1f /tmp ufs rw,userquota,groupquota,nodev,nosuid 0 2 /dev/ad0s1g /usr ufs rw,userquota,groupquota,nodev 2 2 /dev/ad0s1h /home ufs rw,userquota,groupquota,nodev,nosuid 2 2 /dev/cd0c /cdrom cd9660 ro,noauto,nodev,nosuid 0 0 proc /proc procfs rw 0 0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15523.53653.441767.36231>