Periodic security find pruning
Don Lewis
truckman at FreeBSD.org
Mon Mar 28 13:47:54 PST 2005
On 28 Mar, Eric Anderson wrote:
> Don Lewis wrote:
>
>> Why not just mount these partitions nosuid? That will cause them to be
>> automagically skipped by the setuid security scan, and will prevent
>> the setuid bit of any executables that happen to be backed up there from
>> being honored.
>
> Because then I cannot create suid files, which means I cannot back them up.
Are you sure about that?
% df .
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0s2f 11811982 6125698 4741326 56% /home
% mount | grep home
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
% touch foo
% ls -l foo
-rw-r--r-- 1 dl dl 0 Mar 28 13:45 foo
% chmod 4755 foo
% ls -l foo
-rwsr-xr-x 1 dl dl 0 Mar 28 13:45 foo
% uname -sr
FreeBSD 6.0-CURRENT
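
An added example, not part of the original message and not the FreeBSD periodic script itself: a filter over `mount` output in the format shown above that separates the filesystems a setuid scan still has to walk from the nosuid ones, where the bit can be stored but is not honored. The function names, the restriction to local ufs filesystems, and the sample mount table are assumptions made for illustration; mount points containing spaces are not handled.

```shell
#!/bin/sh
# Constructed sample, in the format of the `mount` output in the message.
sample_mounts() {
cat <<'EOF'
/dev/ad0s2a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
/dev/ad0s2e on /usr (ufs, local, soft-updates)
/dev/ad1s1d on /backup (ufs, local, nosuid, soft-updates)
fileserver:/export on /mnt/nfs (nfs)
EOF
}

# Print mount points a setuid scan still needs to walk: local ufs
# filesystems that are not mounted nosuid (assumed selection rule).
setuid_scan_targets() {
    awk '
    {
        # Options are the parenthesised, comma-separated tail of the line.
        opts = $0
        sub(/^.*\(/, "", opts); sub(/\).*$/, "", opts)
        n = split(opts, o, /, */)
        fstype = o[1]; is_local = 0; skip = 0
        for (i = 2; i <= n; i++) {
            if (o[i] == "local")  is_local = 1
            if (o[i] == "nosuid") skip = 1
        }
        if (fstype == "ufs" && is_local && !skip) print $3
    }'
}

# Print mount points where chmod 4755 succeeds (as in the session above)
# but the kernel does not honor the setuid bit at exec time.
nosuid_mounts() {
    awk '/[(, ]nosuid[,)]/ { print $3 }'
}

# On a live system: mount | setuid_scan_targets
echo "scan:   $(sample_mounts | setuid_scan_targets | tr '\n' ' ')"
echo "nosuid: $(sample_mounts | nosuid_mounts | tr '\n' ' ')"
```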