cvs commit: src/etc/periodic/security 100.chksetuid

Jacques A. Vidrine nectar at FreeBSD.org
Fri Jan 14 06:01:24 PST 2005


On Thu, Jan 13, 2005 at 01:51:32PM -0800, John-Mark Gurney wrote:
> Most nfs installs, you have control over the server, and are probably
> already running something similar on the server... If you are mounting
> "untrusted" shares, as you said, they should be mounted nosetuid or noexec,
> and if you really need it not mounted noexec, then we should provide an
> include of non-local fs's...

I was thinking of an active attacker on the network, in which case it
doesn't matter if you have control over the server or not.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org


More information about the cvs-all mailing list