From owner-freebsd-security  Tue Nov 13  0:46:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP id 9FD3737B405
	for <freebsd-security@freebsd.org>; Tue, 13 Nov 2001 00:46:16 -0800 (PST)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 163ZDX-0006Bg-00; Tue, 13 Nov 2001 10:46:51 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
Cc: freebsd-security@freebsd.org
Subject: Re: nosuid, suidperl 
In-reply-to: Your message of "Tue, 13 Nov 2001 09:31:44 +0100."
             <200111130831.fAD8Vik70191@gilberto.physik.rwth-aachen.de> 
Date: Tue, 13 Nov 2001 10:46:51 +0200
Message-ID: <23787.1005641211@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



On Tue, 13 Nov 2001 09:31:44 +0100, Christoph Kukulies wrote:

> The mount(8) manpage says:
> 
>              nosuid  Do not allow set-user-identifier or set-group-identifier
>                      bits to take effect.  Note: this option is worthless if a
>                      public available suid or sgid wrapper like suidperl(1) is
>                      installed on your system.
> 
> In howfar does this compromise security?

The default FreeBSD distribution doesn't offer a setuid root suidperl(1)
program, but it's worth checking your specific installation with 'ls -l
/usr/bin/suidperl'.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message