What to do about checksecurity
At present, the checksecurity script doesn't check nfs/afs/whatever
disks only if they are mounted (nosuid or noexec) and nodev. About
once a month I get an e-mail or bug report from someone who doesn't
like this, because of the extensive network access involved. I write
back a letter saying that if they don't want this to happen they
can either do their nfs/afs/whatever mounts nosuid,nodev, or modify
/etc/checksecurity.conf to skip all n/a/w type mounts and abandon all
pretense of checksecurity usefulness.
However, I'm getting tired of responding to these letters. I'm becoming
less and less convinced of checksecurity's usefulness, mostly because I
suspect most people choose to skip n/a/w mounted disks, even if those
mounts might have suid programs on them. I guess my questions are:
1. Does anybody actually care about the checksecurity script?
2. If you do, have you modified checksecurity.conf? How so?
I'm strongly considering removing the checksecurity functionality from
the cron package, if I can figure out a safe way to move the conf file.
Steve Greenland
--
E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@debian.org .
Reply to: