cvs commit: src/etc/periodic/security 100.chksetuid
ceri at submonkey.net
Thu Jan 13 10:53:26 PST 2005
On Thu, Jan 13, 2005 at 10:49:14AM -0800, Don Lewis wrote:
> On 13 Jan, Ceri Davies wrote:
> > On Thu, Jan 13, 2005 at 06:28:26PM +0300, Gleb Smirnoff wrote:
> >> On Thu, Jan 13, 2005 at 03:24:30PM +0000, Ceri Davies wrote:
> >> C> Umm, why not? If setuid binaries appear anywhere on my system then I'd
> >> C> like to continue to be told so that I can be confident of where they
> >> C> came from. I don't care if they pose an immediate threat or not.
> >> In this case "grep -v nosuid" must be removed, too, to be consistent.
> >> P.S. We have "grep -v nosuid" from the very beginning.
> > Hmm. I retract my objection then, whilst retaining my reservations.
> I did something like this locally way back in the 2.1.x days. Running
> suid checks on the news spool, the squid cache, the CD-ROM changer
> (causing it to sometimes lock up), and a bunch of NFS clients
> simultaneously doing suid checks on the same NFS server got to be a
Sounds like something like chksetuid_exclude which lists mountpoints to
exclude might be in order. Any objections to me putting that together,
or are people happy with the status quo?
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former. -- Einstein (attrib.)
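
An added example, not part of the original message and not the code of 100.chksetuid: one way the exclusion list proposed above could sit next to the existing nosuid filter. It assumes the mount table is in fstab(5) layout as printed by "mount -p" and that the exclude list is a space-separated set of mountpoints; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not the FreeBSD periodic script.

# Constructed sample in fstab(5) layout:
# device  mountpoint  fstype  options  dump  pass
sample_mounts() {
cat <<'EOF'
/dev/ad0s1a /                 ufs    rw        1 1
/dev/ad0s1e /usr              ufs    rw        2 2
/dev/ad0s1f /var/spool/news   ufs    rw        2 2
/dev/ad0s1g /tmp              ufs    rw,nosuid 2 2
/dev/ad0s1h /home/nosuid-test ufs    rw        2 2
/dev/acd0   /cdrom            cd9660 ro,nosuid 0 0
server:/exp /net/export       nfs    rw        0 0
EOF
}

# select_mountpoints EXCLUDES < mount-table
# EXCLUDES is a space-separated list of mountpoints (hypothetical format
# for the chksetuid_exclude idea). Prints the mountpoints still to scan.
select_mountpoints() {
    awk -v excl="$1" '
    BEGIN { n = split(excl, e, " "); for (i = 1; i <= n; i++) skip[e[i]] = 1 }
    {
        # Compare nosuid against each whole option; a plain substring
        # match on the line would also drop /home/nosuid-test.
        nosuid = 0
        m = split($4, opt, ",")
        for (i = 1; i <= m; i++) if (opt[i] == "nosuid") nosuid = 1
        if (nosuid || ($2 in skip)) next
        print $2
    }'
}

# scan_setuid MOUNTPOINT: list setuid/setgid files without crossing
# into other filesystems mounted below MOUNTPOINT.
scan_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Demo on the constructed table: news spool and NFS mount excluded.
sample_mounts | select_mountpoints "/var/spool/news /net/export"
```

An excluded filesystem that is not also mounted nosuid is simply unaudited, so the list is safest when it names mounts where setuid execution is already disabled.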