Subject: Re: CVS commit: src/share/examples/fstab
To: None <hubertf@netbsd.org>
From: Klaus Klein <kleink@mibh.de>
List: source-changes
Date: 05/04/2005 20:59:38
On Wednesday, 4. May 2005 20:26, Hubert Feyrer wrote:
> 
> Module Name:	src
> Committed By:	hubertf
> Date:		Wed May  4 18:26:14 UTC 2005
> 
> Modified Files:
> 	src/share/examples/fstab: fstab.cdrom fstab.nfs.1 fstab.ra
> 	    fstab.ramdisk fstab.rd fstab.sd0.1 fstab.sd0.2 fstab.sd0.amiga
> 	    fstab.sd0.atari fstab.wd0.2 fstab.wd0.3 fstab.wd0.cobalt
> 
> Log Message:
> No devices on /usr		-> mount -o nodev
> No setuid programs in /var	-> mount -o nodev,nosuid
> 
> Adding "noexec" in various places may cause too much damage
> (e.g. for running DEINSTALL scripts from /var/db/pkg, configure
> scripts, etc).

You mean "damage" as in no device nodes being available to
daemons chrooted to /var/chroot, which is the setup we happen
to recommend?  At the very least this deserves a comment about
the consequences.


- Klaus