[4933] in bugtraq
slight misinformation in CA-97.21
daemon@ATHENA.MIT.EDU (Dave Kormann)
Thu Jul 17 10:51:50 1997
Date: Thu, 17 Jul 1997 10:15:06 -0400
Reply-To: Dave Kormann <davek@RESEARCH.ATT.COM>
From: Dave Kormann <davek@RESEARCH.ATT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.970717031752.1444A@dfw.dfw.net>
from cert advisory CA-97.21:
> As df will no longer work for non-root users, we recommend removing
> the execute permissions for them also.
this is false. without the setuid bit, df works just fine for
non-root users (at least under 6.2). the only effect is that the
little-used and expensive '-f' option (which forces df to scan the
free block list and hence requires access to the device) won't work.
there's no good reason to take away execute permission from df, unless
your users are likely to be extremely confused by the lack of the '-f'
option.
dk
