[136] in linux-security and linux-alert archive
Closing suid root holes
daemon@ATHENA.MIT.EDU (Leonard N. Zubkoff)
Mon Mar 13 01:55:29 1995
Date: Sun, 12 Mar 1995 22:30:13 -0800
From: "Leonard N. Zubkoff" <lnz@dandelion.com>
To: linux-security@tarsier.cv.nrao.edu
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: alex's message of Sun, 12 Mar 1995 21:11:05 -0500 (EST) <Pine.LNX.3.91.950312210520.14797A-100000@bach.cis.temple.edu>
Reply-To: linux-security@tarsier.cv.nrao.edu
> Date: Sun, 12 Mar 1995 21:11:05 -0500 (EST)
> From: alex <alex@bach.cis.temple.edu>
>
> I think everything can be simplified by adding 'nosuid' and 'suid' flags
> to filesystems like in SunOS and OSF. Assume that my partitions are like
> this:
>
> / ext2
> /usr ext2
> /usr/local ext2, nosuid
>
> Now no matter if someone found a bug in a SUID program somewhere in
> /usr/local/totaly-uglypath/ it won't matter because setuid programs are not
> allowed on a partition!

You must be a bit out of date. I've been running the following on Linux for
quite some time:
/dev/sda1 / ext2 defaults 1 1
/dev/sda4 /u ext2 nosuid,nodev 1 2
/dev/sda2 swap swap defaults
none /proc proc defaults
/dev/sr0 /cd1 iso9660 user,noauto,ro,noexec,nosuid,nodev,unhide
/dev/sr1 /cd2 iso9660 user,noauto,ro,noexec,nosuid,nodev,unhide
It's already available...
Leonard
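
An added example, not part of the original message: a small fstab audit that lists mount points where setuid bits or device nodes would still be honoured, so layouts like the two quoted above can be checked mechanically. The helper names `audit_fstab` and `sample_fstab`, and the device names `/dev/sda3` and `/dev/sda5`, are assumptions made for illustration; option handling follows current mount(8), where `user`/`users` imply `nosuid,nodev` unless a later option overrides them.

```shell
#!/bin/sh
# audit_fstab FILE [TRUSTED_MOUNTPOINT...]   (hypothetical helper)
# Prints "<mountpoint> missing:<options>" for every fstab entry that can
# still honour setuid bits or device nodes. Mount points listed after FILE
# are expected to hold setuid binaries and are skipped. FILE "-" is stdin.
audit_fstab() {
    fstab=$1; shift
    awk -v trusted=" $* " '
        NF == 0 || $1 ~ /^#/          { next }  # blank line or comment
        NF < 4                        { next }  # malformed entry
        $3 == "swap" || $3 == "proc"  { next }  # nothing to execute or open
        index(trusted, " " $2 " ")    { next }  # explicitly trusted
        {
            suid_off = dev_off = 0              # default when unset: suid,dev
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {          # later options override earlier
                if (opt[i] == "defaults") { suid_off = 0; dev_off = 0 }
                # mount(8): user/users imply noexec,nosuid,nodev
                if (opt[i] == "user" || opt[i] == "users") { suid_off = 1; dev_off = 1 }
                if (opt[i] == "nosuid") suid_off = 1
                if (opt[i] == "suid")   suid_off = 0
                if (opt[i] == "nodev")  dev_off = 1
                if (opt[i] == "dev")    dev_off = 0
            }
            missing = ""
            if (!suid_off) missing = "nosuid"
            if (!dev_off)  missing = missing (missing == "" ? "" : ",") "nodev"
            if (missing != "") print $2, "missing:" missing
        }
    ' "$fstab"
}

# Constructed sample combining the two layouts quoted in the thread;
# /dev/sda3 and /dev/sda5 are made-up device names.
sample_fstab() {
    cat <<'EOF'
/dev/sda1  /           ext2     defaults                                   1 1
/dev/sda3  /usr        ext2     defaults                                   1 2
/dev/sda5  /usr/local  ext2     nosuid                                     1 2
/dev/sda4  /u          ext2     nosuid,nodev                               1 2
/dev/sda2  swap        swap     defaults
none       /proc       proc     defaults
/dev/sr0   /cd1        iso9660  user,noauto,ro,noexec,nosuid,nodev,unhide
EOF
}

# Treat / and /usr as the only places allowed to carry setuid binaries.
sample_fstab | audit_fstab - / /usr
```

On a live system, pass `/etc/fstab` as the first argument; entries reported here are the ones where a setuid binary or device node dropped onto that filesystem would still take effect.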