author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2002-09-25 12:19:13 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2002-09-25 12:19:13 +0000 |
commit | b6dee0b899532b2a77218ba135c2bbca7f74cae7 (patch) | |
tree | df76f198ee4e0270abf0639d67a5001ffe6022d0 /usr.bin/rdistd/filesys.c | |
parent | 66d72c3ed842f0393a6ea815a0a674bb1a7e11c0 (diff) |
Try to minimize places where suid programs and devices can live
by implementing the rules:

Only '/' is neither nodev nor nosuid. i.e. it can obviously *always*
contain devices or setuid programs.

Every other mounted filesystem is nodev. If the user chooses to mount
/dev as a separate filesystem, then on the user's head be it.

The only directories that install puts suid binaries into (as of 3.2)
are:

    /sbin
    /usr/bin
    /usr/sbin
    /usr/libexec
    /usr/libexec/auth
    /usr/X11R6/bin

and ports and users can do who knows what to /usr/local and sub
directories thereof.

So try to ensure that only filesystems that are mounted at or above
these directories can contain suid programs. In the case of
/usr/libexec, give blanket permission for subdirectories.

Note that if *all* the above are split into separate filesystems the
install process will attempt a couple of cross-device links when
installing base32.tgz, and fail.

ok deraadt@.

Diffstat (limited to 'usr.bin/rdistd/filesys.c')
0 files changed, 0 insertions, 0 deletions
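
The mount-option rules from the commit message above, as an added example that is not part of the commit or of the OpenBSD installer: a POSIX sh audit that flags fstab entries missing `nodev` or `nosuid`. The function names, the sample fstab, the restriction to `ffs` entries, and the reading that /usr/local and its subdirectories may hold suid files are assumptions.

```sh
#!/bin/sh
# Added example, not the installer's code.

# expected_opts MOUNTPOINT: print the options the commit's rules call for.
expected_opts() {
	case $1 in
	# Only '/' is neither nodev nor nosuid.
	/) echo rw ;;
	# Mounted at or above a directory that holds suid binaries: nodev only.
	/sbin|/usr|/usr/bin|/usr/sbin|/usr/X11R6|/usr/X11R6/bin) echo rw,nodev ;;
	# Blanket permission for /usr/libexec and its subdirectories.
	/usr/libexec|/usr/libexec/*) echo rw,nodev ;;
	# Assumption: /usr/local and its subdirectories may also hold suid files.
	/usr/local|/usr/local/*) echo rw,nodev ;;
	# Everything else gets both restrictions.
	*) echo rw,nodev,nosuid ;;
	esac
}

# audit_fstab: read fstab lines on stdin and print "<mountpoint>: missing <flag>"
# for every ffs entry that lacks a flag the rules require.
audit_fstab() {
	while read -r dev mp type opts rest; do
		case $dev in ''|'#'*) continue ;; esac   # skip blanks and comments
		[ "$type" = ffs ] || continue            # swap, nfs etc. are out of scope
		for want in $(expected_opts "$mp" | tr ',' ' '); do
			[ "$want" = rw ] && continue
			case ",$opts," in
			*",$want,"*) ;;                      # required flag is present
			*) echo "$mp: missing $want" ;;
			esac
		done
	done
}

# Constructed sample fstab (device names and layout are made up).
sample_fstab() {
	cat <<'EOF'
/dev/wd0a / ffs rw 1 1
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/wd0e /home ffs rw,nodev 1 2
/dev/wd0f /var ffs rw 1 2
/dev/wd0g /usr/libexec/auth ffs rw,nodev 1 2
/dev/wd0b none swap sw 0 0
EOF
}

sample_fstab | audit_fstab
```
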