conf/80907: tmpmfs default change
aeonflux
aeonflux at aeonflux.no-ip.com
Thu May 12 17:10:07 GMT 2005
The following reply was made to PR conf/80907; it has been noted by GNATS.
From: aeonflux <aeonflux at aeonflux.no-ip.com>
To: Giorgos Keramidas <keramida at freebsd.org>
Cc: bug-followup at freebsd.org
Subject: Re: conf/80907: tmpmfs default change
Date: Thu, 12 May 2005 14:03:28 -0300
On May 12, 2005 09:59 am, Giorgos Keramidas wrote:
> On 2005-05-11 17:38, Caitlen <aeonflux at aeonflux.no-ip.com> wrote:
> > by default
> > tmpmfs_flags="-S"
> > When in reality
> > tmpmfs_flags="-S -o nosymfollow,nosuid"
> >
> > would be much safer
>
> I don't think this is really a bug, but anyway. It would probably be
> safer to use:
>
> tmpmfs_flags="-S -o noatime,noexec,nosuid,nosymfollow"
>
> The ability to actually *use* whatever options are best for your system
> is exactly why I made the original change to rc.d/tmp, but I'm not sure
> if it would be good to enforce such strict permissions on everyone :-/
Good point, but I do think a nosymfollow is a good default. There's really no
reason to allow /tmp symlink race conditions to happen. Since it's a memory
fs, disabling atime doesn't really make a big difference.
Anyways just a suggestion, I'll be definitely setting nosymfollow on my
machine here.
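A check in the spirit of this thread, added here as an example and not part of the PR or of FreeBSD's rc.d/tmp: it parses `mount -p` output (a constructed line below, so it runs offline) and reports which of the options in the suggested tmpmfs_flags line are not actually in effect on /tmp.

```shell
#!/bin/sh
# Added example (not from the PR thread): audit the mount options in effect
# on /tmp against the set proposed above. On FreeBSD the live data comes from
# `mount -p` (fstab format); a constructed line stands in so it runs offline.

# Options from the suggested tmpmfs_flags="-S -o noatime,noexec,nosuid,nosymfollow".
WANT="noatime noexec nosuid nosymfollow"

# Constructed sample of `mount -p` output: device mountpoint fstype options dump pass.
SAMPLE_MOUNT_P='/dev/md0 /tmp ufs rw,nosuid,nosymfollow 0 0'

# missing_opts <comma-separated options>: print the wanted options that are
# absent, space-separated, in WANT order (empty line when none are missing).
missing_opts() {
    opts=",$1,"
    out=""
    for o in $WANT; do
        case "$opts" in
            *",$o,"*) ;;
            *) out="${out:+$out }$o" ;;
        esac
    done
    printf '%s\n' "$out"
}

# tmp_opts_from_mount_p <mount -p output>: extract the option field for /tmp.
tmp_opts_from_mount_p() {
    printf '%s\n' "$1" | awk '$2 == "/tmp" { print $4; exit }'
}

# audit_tmp [mount -p output]: 0 if /tmp carries every wanted option,
# 1 if some are missing (listed on stderr), 2 if /tmp is not mounted.
audit_tmp() {
    data=${1:-$(mount -p 2>/dev/null)}
    opts=$(tmp_opts_from_mount_p "$data")
    [ -n "$opts" ] || { echo "/tmp not found in mount table" >&2; return 2; }
    miss=$(missing_opts "$opts")
    if [ -n "$miss" ]; then
        echo "/tmp is missing: $miss" >&2
        return 1
    fi
    return 0
}

# With the constructed sample this reports noatime and noexec as missing.
audit_tmp "$SAMPLE_MOUNT_P" || true
```

Run it without an argument on a FreeBSD host to check the real mount table instead of the sample.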