
Re: couple things RedHat does well and Debian should too



Ethan Benson writes:

> I'm not all that familiar with the way suidperl works but why can't
> it check for nosuid mount options before allowing a script located
> on a nosuid filesystem from being run suid?

Take it up with the Perl people; my personal reaction is 'yuck' but
they may have a different view. IMHO 'nosuid' should just mean 'no
suid executables on this filesystem', not 'your users can't possibly
get a suid program to execute arbitrary code from this filesystem'; you
have to audit every single suid program and add such a filesystem
check (which isn't portable to many other *nixes anyway). I'm wary of
lulling people into a false sense of security.

-- 
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
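
The per-program filesystem check discussed in this message, sketched as an added example; it is not part of the original post and not suidperl's code. It assumes a system that provides fstatvfs() and the ST_NOSUID flag, and the names honor_setid and check_script are hypothetical. It covers only the one program that calls it, so every other set-id interpreter would need its own copy.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Pure decision: honor set-id bits only when the file carries them
 * and the filesystem it lives on is not mounted nosuid. */
int honor_setid(mode_t mode, unsigned long fs_flags)
{
    if ((mode & (S_ISUID | S_ISGID)) == 0)
        return 0;               /* no set-id bits: nothing to honor */
    if (fs_flags & ST_NOSUID)
        return 0;               /* nosuid mount: ignore the bits */
    return 1;
}

/* Returns 1 = honor the bits, 0 = run without them, -1 = error (fail
 * closed). fstat() and fstatvfs() are both called on the same open
 * descriptor, so the verdict describes the file that was actually
 * opened rather than whatever the path names a moment later. */
int check_script(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    int verdict = -1;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        fstatvfs(fd, &vfs) == 0)
        verdict = honor_setid(st.st_mode, vfs.f_flag);
    close(fd);
    return verdict;
}

int main(int argc, char **argv)
{
    /* Default path is only a sample input for a stand-alone run. */
    const char *path = argc > 1 ? argv[1] : "/bin/sh";
    printf("%s: %d\n", path, check_script(path));
    return 0;
}
```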

