author | 2002-09-25 12:19:12 +0000 | |
---|---|---|
committer | 2002-09-25 12:19:12 +0000 | |
commit | e4af767be883e1102723f57b870a37ac88f98683 (patch) | |
tree | e174538d0d0437bb57ea16342fef4d63866db6f2 /lib/libc | |
parent | sync LoginGraceTime with default (diff) | |
download | wireguard-openbsd-e4af767be883e1102723f57b870a37ac88f98683.tar.xz wireguard-openbsd-e4af767be883e1102723f57b870a37ac88f98683.zip |
Try to minimize places where suid programs and devices can live
by implementing the rules:

Only '/' is neither nodev nor nosuid. i.e. it can obviously *always*
contain devices or setuid programs.

Every other mounted filesystem is nodev. If the user chooses to mount
/dev as a separate filesystem, then on the user's head be it.

The only directories that install puts suid binaries into (as of 3.2)
are:

/sbin
/usr/bin
/usr/sbin
/usr/libexec
/usr/libexec/auth
/usr/X11R6/bin

and ports and users can do who knows what to /usr/local and sub
directories thereof.

So try to ensure that only filesystems that are mounted at or above
these directories can contain suid programs. In the case of
/usr/libexec, give blanket permission for subdirectories.

Note that if *all* the above are split into separate filesystems the
install process will attempt a couple of cross-device links when
installing base32.tgz, and fail.

ok deraadt@.
Diffstat (limited to 'lib/libc')
0 files changed, 0 insertions, 0 deletions
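
The mount-option rules from the commit message, written out as an added shell example; it is not the installer code this commit changed, which this page does not show. The function names `mount_flags` and `audit_fstab` are hypothetical, and giving /usr/local the same blanket treatment as /usr/libexec is an assumption drawn from the message's remark about ports.

```shell
#!/bin/sh
# Added example, not the installer's code; function names are hypothetical.

# Directories the commit message lists as receiving suid binaries.
SUID_DIRS="/sbin /usr/bin /usr/sbin /usr/libexec /usr/libexec/auth /usr/X11R6/bin"
# Subtrees where any mount point may hold suid files. /usr/libexec is stated
# in the message; /usr/local is an assumption drawn from its ports remark.
SUID_TREES="/usr/libexec /usr/local"

# mount_flags MOUNTPOINT: print the restrictive options the rules call for
# ("" for /, "nodev", or "nodev,nosuid"). Returns 1 for a non-absolute path.
mount_flags() {
	_mp=$1
	case $_mp in /*) ;; *) return 1 ;; esac
	# Strip trailing slashes but keep a bare "/".
	while [ "$_mp" != / ] && [ "${_mp%/}" != "$_mp" ]; do _mp=${_mp%/}; done
	if [ "$_mp" = / ]; then return 0; fi
	for _d in $SUID_DIRS; do
		# Mounted at a suid directory or at one of its ancestors.
		case $_d in "$_mp"|"$_mp"/*) echo nodev; return 0 ;; esac
	done
	for _t in $SUID_TREES; do
		# Mounted at or below a blanket-permission subtree.
		case $_mp in "$_t"|"$_t"/*) echo nodev; return 0 ;; esac
	done
	echo nodev,nosuid
}

# audit_fstab: read fstab-format lines on stdin and report each mount point
# whose option field lacks a flag that mount_flags asks for.
audit_fstab() {
	while read -r _dev _mnt _type _opts _rest; do
		case $_dev in ''|\#*) continue ;; esac
		_want=$(mount_flags "$_mnt") || continue   # skips swap ("none")
		for _f in $(echo "$_want" | tr , ' '); do
			case ",$_opts," in *,"$_f",*) ;; *) echo "$_mnt: missing $_f" ;; esac
		done
	done
}

# Constructed sample fstab, for illustration only.
audit_fstab <<'EOF'
/dev/wd0a / ffs rw 1 1
/dev/wd0b none swap sw 0 0
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/wd0e /home ffs rw,nodev 1 2
EOF
```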