cvs commit: src/etc/periodic/security 100.chksetuid
Jacques A. Vidrine
nectar at FreeBSD.org
Fri Jan 14 06:01:24 PST 2005
On Thu, Jan 13, 2005 at 01:51:32PM -0800, John-Mark Gurney wrote:
> Most nfs installs, you have control over the server, and are probably
> already running something similar on the server... If you are mounting
> "untrusted" shares, as you said, they should be mounted nosetuid or noexec,
> and if you really need it not mounted noexec, then we should provide an
> include of non-local fs's...
I was thinking of an active attacker on the network, in which case it
doesn't matter if you have control over the server or not.
Cheers,
--
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org
More information about the cvs-src
mailing list