Source-Changes archive


Re: CVS commit: src/share/examples/fstab



On Wed, 4 May 2005, Klaus Klein wrote:
>> No devices on /usr              -> mount -o nodev
>> No setuid programs in /var      -> mount -o nodev,nosuid
>>
>> Adding "noexec" in various places may cause too much damage
>> (e.g. for running DEINSTALL scripts from /var/db/pkg, configure
>> scripts, etc).
>
> You mean "damage" as in no device nodes being available to
> daemons chrooted to /var/chroot, which is the setup we happen
> to recommend?  At the very least this deserves a comment about
> the consequences.

True... I think adding a test if /var is mounted nodev may be even better.
I'll have a look.


 - Hubert

--
NetBSD - Free AND Open!      (And of course secure, portable, yadda yadda)
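
One way to test whether a chroot directory sits on a nodev filesystem, as an added example that is not part of this thread or of NetBSD's own scripts. It assumes `mount` prints lines in the form `dev on /mnt type fstype (opts)`; the function names `opts_for_path` and `is_nodev` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the "dev on /mnt type fstype (opts)" layout.
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local)
/dev/wd0e on /usr type ffs (nodev, local)
/dev/wd0f on /var type ffs (nodev, nosuid, local)'

# Print the comma-separated options of the filesystem holding $1,
# reading mount-style lines from stdin. The longest matching mount
# point wins, so /var/chroot resolves to /var rather than /.
opts_for_path() {
    awk -v path="$1" '
        BEGIN { best = 0; opts = "" }
        $2 == "on" {
            mp = $3
            # Match on a path-component boundary so /var does not claim /variable.
            pre = (mp == "/") ? "/" : mp "/"
            if ((path == mp || index(path "/", pre) == 1) && length(mp) > best) {
                best = length(mp)
                opts = ""
                if ($0 ~ /\(.*\)/) {
                    opts = $0
                    sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
                    sub(/\).*$/, "", opts)      # drop ")" and anything after
                    gsub(/ /, "", opts)
                }
            }
        }
        END { print opts }
    '
}

# Exit 0 when the filesystem holding $1 is mounted nodev, 1 otherwise.
is_nodev() {
    case ",$(opts_for_path "$1")," in
        *,nodev,*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Live use would be: mount | is_nodev /var/chroot
if printf '%s\n' "$SAMPLE_MOUNTS" | is_nodev /var/chroot; then
    echo "warning: /var/chroot is on a nodev filesystem; device nodes under it will not work"
fi
```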


