
Re: mounting /tmp from fstab



On Fri, Feb 25, 2000 at 03:16:42AM +0200, Shaul Karl wrote:

> 1) extra security?
> [03:11:45 /tmp]$ man 8 mount | grep -A1 -B3 suid
>               nosuid Do not  allow  set-user-identifier  or  set-
>                      group-identifier  bits to take effect. (This
>                      seems safe, but is in fact rather unsafe  if
>                      you have suidperl(1) installed.)
> 
> [03:11:55 /tmp]$ 
> 
> 2) Is set-group-identifier the same s that I got for my home dir?
> [03:14:03 /tmp]$ ls -ld ~
> drwxr-sr-x   27 shaul    shaul        2048 Feb 25 03:09 /home/shaul
> [03:14:05 /tmp]$ 

no, setgid on a directory does not matter as far as the nosuid mount
option is concerned. the setgid bit on your home dir is completely
pointless though AFAICT, your primary group is shaul so everything you
create will have that group anyway. it's only useful when you have a
shared directory with a different group, the setgid bit would ensure
everything you create there has that group instead of your primary
group (à la BSD)

nosuid just causes the kernel to refuse to execute a binary with the
set[ug]id bit set if the owner of the file does not match the user
trying to execute it.  does not matter for directories since you cannot
execute them.

-- 
Ethan Benson
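
An added example, not part of the original message: a small audit helper that checks whether a mount point carries `nosuid` in fstab-format text and separates setgid directories (group inheritance only) from set[ug]id executables (the entries the mount option concerns). The sample fstab, the device names and the function names are constructed for illustration.

```python
import stat

# Constructed sample in fstab format (device names are placeholders).
SAMPLE_FSTAB = """\
# <device>  <mount>  <type>  <options>        <dump> <pass>
/dev/hda1   /        ext2    defaults         0      1
/dev/hda5   /tmp     ext2    rw,nosuid,nodev  0      2
/dev/hda6   /home    ext2    defaults         0      2
"""

def mount_options(fstab_text, mount_point):
    """Return the option list for mount_point, or None if it has no entry."""
    for line in fstab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mount_point:
            return fields[3].split(",")
    return None

def has_nosuid(fstab_text, mount_point):
    """True only when the mount point is listed and its options include nosuid."""
    opts = mount_options(fstab_text, mount_point)
    return opts is not None and "nosuid" in opts

def classify(mode):
    """Describe what the set[ug]id bits of an st_mode value mean for the entry."""
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return "plain"
    if stat.S_ISDIR(mode):
        # setgid directory: new entries inherit the directory's group;
        # a directory cannot be executed, so nosuid is not relevant to it.
        return "setgid-dir" if mode & stat.S_ISGID else "plain"
    any_exec = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    if stat.S_ISREG(mode) and mode & any_exec:
        return "setid-executable"  # the case the nosuid option is about
    return "setid-nonexec"

if __name__ == "__main__":
    for mp in ("/tmp", "/home"):
        print(mp, "nosuid" if has_nosuid(SAMPLE_FSTAB, mp) else "suid allowed")
    # 0o042755 is drwxr-sr-x, the mode of the home directory quoted above.
    for mode in (0o042755, 0o104755, 0o100644):
        print(stat.filemode(mode), classify(mode))
```

To audit a live system, pass the contents of `/etc/fstab` (or `/proc/mounts`, which has the same first four fields) instead of the sample, and feed `classify` the `st_mode` from `os.lstat()`.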
