Subject: Re: CVS commit: src/share/examples/fstab
To: Hubert Feyrer <hubert@feyrer.de>
From: Perry E. Metzger <perry@piermont.com>
List: source-changes
Date: 05/04/2005 17:05:17

Hubert Feyrer <hubert@feyrer.de> writes:
> On Wed, 4 May 2005, Klaus Klein wrote:
>>> No devices on /usr -> mount -o nodev
>>> No setuid programs in /var -> mount -o nodev,nosuid
>>>
>>> Adding "noexec" in various places may cause too much damage
>>> (e.g. for running DEINSTALL scripts from /var/db/pkg, configure
>>> scripts, etc).
>>
>> You mean "damage" as in no device nodes being available to
>> daemons chrooted to /var/chroot, which is the setup we happen
>> to recommend? At the very least this deserves a comment about
>> the consequences.
>
> True... I think adding a test if /var is mounted nodev may be even better.
> I'll have a look.

I think we're better off not playing this game entirely. Just yank the
examples or comment them out.

.pm
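
One way to do the kind of check raised in the thread (is the filesystem holding /var/chroot mounted nodev?), as an added example that is not part of the original messages or of NetBSD's own code. The fstab contents, the path /var/chroot/named and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample fstab (not from the original message); it applies the
# options discussed in the thread: nodev on /usr, nodev,nosuid on /var.
SAMPLE_FSTAB='# device   mountpoint  type  options
/dev/wd0a  /      ffs  rw                1 1
/dev/wd0e  /usr   ffs  rw,nodev          1 2
/dev/wd0f  /var   ffs  rw,nodev,nosuid   1 2
'

# Print the options of the fstab entry that covers path $2: the entry whose
# mount point is the longest path-component prefix of it. $1 is fstab text.
covering_opts() {
    printf '%s\n' "$1" | awk -v p="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            if ((p == mp || index(p, pre) == 1) && length(mp) > best) {
                best = length(mp); opts = $4
            }
        }
        END { print opts }'
}

# Succeed (exit 0) if option $2 is set on the filesystem covering path $3.
has_opt() {
    case ",$(covering_opts "$1" "$3")," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report whether device nodes under a chroot directory would be usable.
check_chroot() {
    if has_opt "$1" nodev "$2"; then
        echo "WARNING: $2 is on a nodev filesystem; device nodes there will not work"
        return 1
    fi
    echo "OK: $2 is not on a nodev filesystem"
}

# /var/chroot/named is an assumed chroot location used only for this demo.
check_chroot "$SAMPLE_FSTAB" /var/chroot/named || true
```

To check a real system, pass the contents of /etc/fstab as the first argument instead of the sample text.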