conf/80907: tmpmfs default change
Giorgos Keramidas
keramida at freebsd.org
Thu May 12 13:00:31 GMT 2005
The following reply was made to PR conf/80907; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at freebsd.org>
To: Caitlen <aeonflux at aeonflux.no-ip.com>
Cc: bug-followup at freebsd.org
Subject: Re: conf/80907: tmpmfs default change
Date: Thu, 12 May 2005 15:59:12 +0300
On 2005-05-11 17:38, Caitlen <aeonflux at aeonflux.no-ip.com> wrote:
> by default
> tmpmfs_flags="-S"
> When in reality
> tmpmfs_flags="-S -o nosymfollow,nosuid"
>
> would be much safer
I don't think this is really a bug, but anyway. It would probably be
safer to use:
    tmpmfs_flags="-S -o noatime,noexec,nosuid,nosymfollow"
The ability to actually *use* whatever options are best for your system
is exactly why I made the original change to rc.d/tmp, but I'm not sure
if it would be good to enforce such strict permissions on everyone :-/
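
An added example, not part of the original message or of the FreeBSD rc scripts: a POSIX sh check that reads `tmpmfs_flags` from an rc.conf-style file and reports which of the four mount options suggested in the reply are absent. The function names and the sample file contents are constructed for illustration, and a file with no `tmpmfs_flags` line is treated as setting no options.

```shell
#!/bin/sh
# Added example: audit tmpmfs_flags against the option set from the reply.
WANTED="noatime noexec nosuid nosymfollow"

# Print the mount options passed via -o in the last tmpmfs_flags
# assignment of file $1, space separated (empty if none are set).
tmpmfs_opts() {
    flags=$(sed -n "s/^[[:space:]]*tmpmfs_flags=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1)
    opts=""
    prev=""
    for w in $flags; do                      # word splitting is intended
        if [ "$prev" = "-o" ]; then opts="$opts,$w"; fi          # "-o a,b"
        case "$w" in -o?*) opts="$opts,${w#-o}" ;; esac          # "-oa,b"
        prev=$w
    done
    printf '%s\n' "$opts" | tr ',' '\n' | sed '/^$/d' | tr '\n' ' '
}

# Print the wanted options that file $1 does not set.
# Empty output means all four are present.
missing_opts() {
    have=" $(tmpmfs_opts "$1")"
    miss=""
    for o in $WANTED; do
        case "$have" in
            *" $o "*) ;;
            *) miss="${miss:+$miss }$o" ;;
        esac
    done
    printf '%s\n' "$miss"
}

# Demo on a constructed rc.conf that uses the value proposed in the PR.
demo() {
    f=$(mktemp)
    printf '%s\n' 'tmpmfs="YES"' 'tmpmfs_flags="-S -o nosymfollow,nosuid"' > "$f"
    m=$(missing_opts "$f")
    if [ -n "$m" ]; then
        echo "tmpmfs_flags is missing: $m"
    else
        echo "tmpmfs_flags sets all of: $WANTED"
    fi
    rm -f "$f"
}
demo
```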