NOSUID and NOSUID_prog make knobs
From: Johan Karlsson (k@numeri.campus.luth.se)
Date: 04/25/02
- Next message: Song Jeong il: "Re: FreeBSD-SA-02:22.mmap"
- Previous message: Masachika ISHIZUKA: "FreeBSD-SA-02:22.mmap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Apr 2002 03:53:53 +0200 From: Johan Karlsson <k@numeri.campus.luth.se> To: freebsd-arch@freebsd.org
[bcc -security since the discussion started there ]
Hi all,
recently a discussion about removing the setuid bit popup again
http://docs.FreeBSD.org/cgi/getmsg.cgi?fetch=166393+0+current/freebsd-security
Jason noted that it had been discussed before and also that
introducing a make knob to disable installation of
various programs with the setuid bit turned on had been proposed.
I have started to implement this and would like to know
what you think of the concept.
Attached is an untested diff for some suid/sgid programs.
Basicly it protects the BINMODE assignment in the Makefile with
.if !defined(NOSUID) && !defined(NOSUID_prog)
I have also made changes to make.conf.5 and examples/etc/make.conf
to reflect the new knobs.
Please have a look at the attached diff and let me know what you think.
If there is interest and some commiter would consider to commit
something along those lines I'm willing to make a diff for most
of the suid/sgid programs we have in the tree.
/Johan K
-- Johan Karlsson mailto:k@numeri.campus.luth.se
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- text/plain attachment: NOSUID.diff
- Next message: Song Jeong il: "Re: FreeBSD-SA-02:22.mmap"
- Previous message: Masachika ISHIZUKA: "FreeBSD-SA-02:22.mmap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
