Source-Changes archive


Re: CVS commit: src/share/examples/fstab



On Wednesday, 4. May 2005 22:55, Hubert Feyrer wrote:
> On Wed, 4 May 2005, Klaus Klein wrote:
> >> No devices on /usr         -> mount -o nodev
> >> No setuid programs in /var -> mount -o nodev,nosuid
> >>
> >> Adding "noexec" in various places may cause too much damage
> >> (e.g. for running DEINSTALL scripts from /var/db/pkg, configure
> >> scripts, etc).
> >
> > You mean "damage" as in no device nodes being available to
> > daemons chrooted to /var/chroot, which is the setup we happen
> > to recommend?  At the very least this deserves a comment about
> > the consequences.
> 
> True... I think adding a test if /var is mounted nodev may be even better.
> I'll have a look.

I believe this would really make the matter more complicated than
it needs to be; if the daemon chroot is mounted nodev, then what
next?

Also, a point gone missing here is that, with the clock accuracy you
get from the typical COTS machine, you're very likely to end up
running ntpd, and in that case the suggested mount option will bite
you.


- Klaus
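
The kind of test discussed in this thread, sketched as an added example (not code from the thread or from the NetBSD tree): it finds the fstab entry whose mount point is the longest prefix of a chroot directory and reports whether that filesystem carries `nodev`. The function names, the sample fstab and the `/var/chroot/ntpd` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the filesystem holding a chroot directory mounted nodev?

# Constructed sample fstab using the options proposed in the commit.
sample_fstab() {
cat <<'EOF'
# constructed sample, not a real system's fstab
/dev/wd0a /     ffs  rw               1 1
/dev/wd0b none  swap sw               0 0
/dev/wd0e /usr  ffs  rw,nodev         1 2
/dev/wd0f /var  ffs  rw,nodev,nosuid  1 2
EOF
}

# Print the mount options of the fstab entry ($1 = fstab file) whose mount
# point is the longest prefix of the path $2, the filesystem it lives on.
fstab_opts_for() {
    awk -v p="$2" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        {
            mp = $2
            # "/" holds every path; otherwise match whole path components,
            # so that /variant is not mistaken for something below /var
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) > best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "$1"
}

# Exit status 0 when that filesystem is mounted nodev.
chroot_is_nodev() {
    case ",$(fstab_opts_for "$1" "$2")," in
        *,nodev,*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Demo on the constructed sample: warn about a chroot on a nodev filesystem.
tmp=$(mktemp) && sample_fstab > "$tmp"
if chroot_is_nodev "$tmp" /var/chroot/ntpd; then
    echo "warning: /var/chroot/ntpd is on a nodev filesystem;" \
         "device nodes under it will not be usable"
fi
rm -f "$tmp"
```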


