nosuid, suidperl
From: Christoph Kukulies (kuku@gilberto.physik.rwth-aachen.de)
Date: 11/13/01
- Next message: Locky: "(no subject)"
- Previous message: Greg White: "Source routed packets"
- Next in thread: Sheldon Hearn: "Re: nosuid, suidperl"
- Reply: Sheldon Hearn: "Re: nosuid, suidperl"
- Maybe reply: Magdalinin Kirill: "Re: nosuid, suidperl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 13 Nov 2001 09:31:44 +0100 (CET) From: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de> To: freebsd-security@freebsd.org
When mounting a CD or other removable media mounting it noexec,nosuid
should prevent from running suid programs and compromising the system.
The mount(8) manpage says:
nosuid Do not allow set-user-identifier or set-group-identifier
bits to take effect. Note: this option is worthless if a
public available suid or sgid wrapper like suidperl(1) is
installed on your system.
In howfar does this compromise security?
What can one do about it? (having suidperl in the system and having
security)
-- Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Locky: "(no subject)"
- Previous message: Greg White: "Source routed packets"
- Next in thread: Sheldon Hearn: "Re: nosuid, suidperl"
- Reply: Sheldon Hearn: "Re: nosuid, suidperl"
- Maybe reply: Magdalinin Kirill: "Re: nosuid, suidperl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
