Subject: Re: replace chroot() with a chroot overlay file system?
To: Matthias Scheler <tron@zhadum.de>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 11/05/2005 14:16:19

On Fri, 4 Nov 2005, Matthias Scheler wrote:

> And without "nodev" somebody with root privileges can still escape
> or at least cause damage. Maybe we need a "nomakedev" option?

While we're talking about this, the first thing that occurred to me when
this thread started was that Steve seems to have the exact opposite
problem that I do. (I'm not sure why.)

I used always to mount /var nodev,nosuid, just like /tmp. (I reckon
if there's a world-writable directory in there, nodev,nosuid can't
hurt.) But I can't do that any more because of stuff like ntp, which is
chrooted into /var/chroot, and needs a device.

cjs
-- 
Curt Sampson        <cjs@cynic.net>         +81 90 7737 2974
   Make up enjoying your city life...produced by BIC CAMERA