Bugtraq mailing list archives

Re: permissions


From: casper () fwi uva nl (Casper Dik)
Date: Tue, 17 May 94 17:26:25 +0200



/            rw,nosuid
/usr         ro
/var         rw,nosuid
/home        rw,nosuid
/tmp         rw,nosuid
/usr/local   ro

Excellent thinking. Does anyone have any problems with this philosophy?
I noticed some systems around here with /sbin/su and /sbin/sulogin.
These would be disabled if the above conditions were met.
Is this a problem? Anything else break?

If you have systems with /sbin/su and /sbin/sulogin it might just
be Solaris 2.x machines.  On Solaris 2.x, nosuid is a combination of
nosuid and nodev.  Using nosuid on / sort of breaks things there.
Also, tmpfs mount in Solaris does not understand the nosuid option
which means you might end up with /tmp in /.

I have a new mount_tmpfs program for those of you interested in
nosuid /tmp for Solaris 2.3.


Casper
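
Added example, not part of the original message: a shell check of a mount table against the policy quoted in the thread (every filesystem is either ro or nosuid), plus a lookup of which programs sit on a nosuid filesystem, which is the /sbin/su question raised above. The "mountpoint options" input format, the function names and the /export entry are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample: the table from the thread plus one non-compliant entry.
sample_table() {
    cat <<'EOF'
/            rw,nosuid
/usr         ro
/var         rw,nosuid
/home        rw,nosuid
/tmp         rw,nosuid
/usr/local   ro
/export      rw
EOF
}

# Table on stdin. Prints each mountpoint that is writable without nosuid.
audit_mounts() {
    awk 'NF >= 2 && $1 !~ /^#/ {
        o = "," $2 ","
        if (o !~ /,ro,/ && o !~ /,nosuid,/) print $1
    }'
}

# Table on stdin, paths as arguments. Prints "path mountpoint" for every path
# that lives on a nosuid filesystem (longest matching mountpoint wins), i.e.
# setuid programs that lose their privilege under the table.
on_nosuid() {
    awk -v paths="$*" 'NF >= 2 && $1 !~ /^#/ { opts[$1] = "," $2 "," }
    END {
        n = split(paths, p, " ")
        for (i = 1; i <= n; i++) {
            best = ""
            for (m in opts) {
                pre = (m == "/") ? "/" : m "/"
                if ((p[i] == m || index(p[i], pre) == 1) && length(m) > length(best))
                    best = m
            }
            if (best != "" && opts[best] ~ /,nosuid,/) print p[i] " " best
        }
    }'
}

echo "writable without nosuid:"; sample_table | audit_mounts
echo "on a nosuid filesystem:"
sample_table | on_nosuid /sbin/su /sbin/sulogin /usr/bin/passwd
```

With the sample table, /sbin/su and /sbin/sulogin resolve to the nosuid root filesystem, while /usr/bin/passwd resolves to /usr, which is ro without nosuid.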


