Re: Periodic security find pruning

From: Don Lewis <truckman_at_FreeBSD.org>
Date: Mon, 28 Mar 2005 13:47:40 -0800 (PST)

On 28 Mar, Eric Anderson wrote:
> Don Lewis wrote:
>
>> Why not just mount these partitions nosuid?  That will cause them to be
>> automagically skipped by the setuid security scan, and will prevent
>> the setuid bit of any executables that happen to be backed up there from
>> being honored.
> 
> Because then I cannot create suid files, which means I cannot back them up..

Are you sure about that?

% df .
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s2f  11811982 6125698 4741326    56%    /home
% mount | grep home
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
% touch foo
% ls -l foo
-rw-r--r--  1 dl  dl  0 Mar 28 13:45 foo
% chmod 4755 foo
% ls -l foo
-rwsr-xr-x  1 dl  dl  0 Mar 28 13:45 foo
% uname -sr
FreeBSD 6.0-CURRENT
Received on Mon Mar 28 2005 - 19:47:53 UTC
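
An added example, not part of the original post or of FreeBSD's periodic scripts: a sketch of how a setuid scan can pick its targets from mount options, run over constructed `mount` output. The selection rule (local ufs filesystems without nosuid or noexec) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `mount` output. Only the /home line
# matches the one shown in the message; the rest is made up for the example.
sample_mounts() {
cat <<'EOF'
/dev/ad0s2a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s2f on /home (ufs, local, nosuid, soft-updates)
/dev/ad0s2e on /var (ufs, local, soft-updates)
/dev/ad1s1d on /backup (ufs, local, noexec, nosuid)
fileserver:/export on /mnt/nfs (nfs)
EOF
}

# Print the mount points a setuid scan would walk. Assumed rule: local ufs
# filesystems whose option list contains neither nosuid nor noexec.
scan_targets() {
    awk '
    {
        mnt = $3                      # "dev on /mnt (opts)" -> mount point
        opts = $0
        sub(/^[^(]*\(/, "", opts)     # drop everything up to "("
        sub(/\)$/, "", opts)          # drop the closing ")"
        n = split(opts, o, /, */)     # o[1] is the fs type, rest are options
        if (o[1] != "ufs") next
        is_local = 0; skip = 0
        for (i = 2; i <= n; i++) {
            if (o[i] == "local") is_local = 1
            if (o[i] == "nosuid" || o[i] == "noexec") skip = 1
        }
        if (is_local && !skip) print mnt
    }'
}

# Print the mount points where an on-disk setuid bit is not honored.
# The bit can still be set and stored there, as the session above shows.
nosuid_mounts() {
    awk '/[(, ]nosuid[,)]/ { print $3 }'
}

sample_mounts | scan_targets
```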
