On Thu, 12 Jul 2001, Portwood, Jason wrote:
> > So simple things like going into all the folders and chmod'n
> > things is a very good idea for a lil extra security.
> > along with copying /bin/sh to /tmp/
> > and chmod 0 /tmp/sh
> Wouldn't it be a better practice to just mount all the partitions that don't
> need suid as nosuid? Just off the top of my head those candidates would
Yes, it is a better practice, but in this case it doesn't help. The suid
binary you are exec(2)ing is in /bin.
bash-2.03$ mount | grep tmp
/dev/ad2s2 on /tmp (ufs, local, nosuid)
vvfreebsd. Written by Georgi Guninski
shall jump to bfbffe72
login: # done
uid=0(root) gid=1001(fgleiser) groups=1001(fgleiser)
> Is there a good reason for not doing this?
> Jason Portwood
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message