What to do about checksecurity

To: Debian Developers <debian-devel@lists.debian.org>
Subject: What to do about checksecurity
From: Steve Greenland <stevegr@master.debian.org>
Date: Sun, 8 Mar 1998 22:51:57 -0600
Message-id: <[🔎] 19980308225157.34942@neuromancer.dmccorp.com>
Reply-to: Steve Greenland <stevegr@master.debian.org>

At present, the checksecurity script doesn't check nfs/afs/whatever
disks only if they are mounted (nosuid or noexec) and nodev. About
once a month I get an e-mail or bug report from someone who doesn't
like this, because of the extensive network access involved. I write
back a letter saying that if they don't want this to happen they
can either do their nfs/afs/whatever mounts nosuid,nodev, or modify
/etc/checksecurity.conf to skip all n/a/w type mounts and abandon all
pretense of checksecurity usefulness.

However, I'm getting tired of responding to these letters. I'm becoming
less and less convinced of checksecurity's usefulness, mostly because I
suspect most people choose to skip n/a/w mounted disks, even if those
mounts might have suid programs on them. I guess my questions are:

1. Does anybody actually care about the checksecurity script?

2. If you do, have you modified checksecurity.conf? How so?

I'm strongly considering removing the checksecurity functionality from
the cron package, if I can figure out a safe way to move the conf file.

Steve Greenland


--
E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  E-mail to listmaster@debian.org .

Reply to:

Follow-Ups:
- Re: What to do about checksecurity
  - From: Hubert Weikert <weikert@muninn.cube.net>

Prev by Date: Re: developer.debian.org
Next by Date: developer homes, ...
Previous by thread: Re: gEDIT
Next by thread: Re: What to do about checksecurity
Index(es):
- Date
- Thread