Date: Fri, 31 Aug 2007 19:01:08 GMT
From: Craig Rodrigues <rodrigc@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: docs/115981: nodev mount option should be removed from documentation
Message-ID: <200708311901.l7VJ18O2004661@www.freebsd.org>
Resent-Message-ID: <200708311910.l7VJA2tJ041236@freefall.freebsd.org>
>Number: 115981
>Category: docs
>Synopsis: nodev mount option should be removed from documentation
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 31 19:10:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Craig Rodrigues
>Release: FreeBSD CURRENT
>Organization:
>Environment:
>Description:
The "nodev" and "dev" mount options have been no-ops that have been silently ignored since FreeBSD 5, due to the introduction of devfs. In FreeBSD 7, if a user has these options in /etc/fstab, or does "mount -o nodev", it will result in a mount error, and that particular mount operation should fail.
>How-To-Repeat:
>Fix:
Remove all references to "nodev" mount option in documentation.

Patch attached with submission follows:

Index: articles/hubs/article.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/articles/hubs/article.sgml,v retrieving revision 1.64 diff -u -r1.64 article.sgml --- articles/hubs/article.sgml 30 Jun 2007 09:42:35 -0000 1.64 +++ articles/hubs/article.sgml 31 Aug 2007 18:57:09 -0000 @@ -379,7 +379,7 @@ Here is an excerpt from <filename>/etc/fstab</filename>, how to set up such a MFS: <programlisting> -/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid,nodev 0 0 +/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid 0 0 </programlisting> This is (of course) tuned a lot, and was suggested by &a.jdp;. </para> Index: books/handbook/basics/chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v retrieving revision 1.148 diff -u -r1.148 chapter.sgml --- books/handbook/basics/chapter.sgml 6 Jul 2007 07:29:55 -0000 1.148 +++ books/handbook/basics/chapter.sgml 31 Aug 2007 18:57:52 -0000
@@ -1630,15 +1630,6 @@ <variablelist> <varlistentry> - <term>nodev</term> - - <listitem> - <para>Do not interpret special devices on the - file system. This is a useful security option.</para> - </listitem> - </varlistentry> - - <varlistentry> <term>noexec</term> <listitem> Index: books/handbook/security/chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v retrieving revision 1.313 diff -u -r1.313 chapter.sgml --- books/handbook/security/chapter.sgml 5 Jul 2007 11:00:48 -0000 1.313 +++ books/handbook/security/chapter.sgml 31 Aug 2007 18:59:07 -0000 @@ -712,9 +712,8 @@ <para>If you have a huge amount of user disk space, it may take too long to run through every file on those partitions. In this case, - setting mount flags to disallow suid binaries and devices on those - partitions is a good idea. The <literal>nodev</literal> and - <literal>nosuid</literal> options (see &man.mount.8;) are what you + setting mount flags to disallow suid binaries is a good idea. + The <literal>nosuid</literal> option (see &man.mount.8;) is what you want to look into. You should probably scan them anyway, at least once a week, since the object of this layer is to detect a break-in attempt, whether or not the attempt succeeds.</para>
>Release-Note:
>Audit-Trail:
>Unformatted:
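Review bot: In books/handbook/basics/chapter.sgml (@@ -1630,15 +1630,6 @@), deleting the whole <term>nodev</term> entry leaves a reader who still has "nodev" in /etc/fstab with no explanation of why the mount now fails. Consider keeping a short entry or adding a sentence next to the list that says the option has been a no-op since FreeBSD 5 and produces a mount error in FreeBSD 7, as the PR description states, so that upgraders know to delete it.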
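Review bot: In books/handbook/security/chapter.sgml (@@ -712,9 +712,8 @@), the added line "setting mount flags to disallow suid binaries is a good idea." keeps the plural "mount flags" although <literal>nosuid</literal> is now the only flag named; "setting a mount flag" would match the rewritten sentence. The paragraph also drops its advice about devices on user partitions without saying why; a clause noting that "nodev" has been a no-op since the introduction of devfs (per the PR description) would keep the security rationale visible to readers of this section.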
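A check for the situation the PR description warns about, as an added example that is not part of the PR or the FreeBSD tree: a shell function that reads fstab(5) text on stdin and lists entries whose options field still contains "dev" or "nodev", together with the option list that remains once they are removed. The function names are hypothetical and the sample fstab is constructed, except for its last entry, which is the pre-patch line from articles/hubs/article.sgml.

```shell
#!/bin/sh
# Added example, not part of the PR: find fstab(5) entries that still carry
# the "dev" or "nodev" option and show the option list without them.

# Constructed sample input. The last entry is the pre-patch line from
# articles/hubs/article.sgml; the other lines are made up for illustration.
sample_fstab() {
    cat <<'EOF'
# Device       Mountpoint  FStype  Options          Dump  Pass#
/dev/ad0s1a    /           ufs     rw               1     1
/dev/ad0s1e    /home       ufs     rw,nosuid,nodev  2     2
#/dev/ad0s1f   /scratch    ufs     rw,nodev         2     2
/dev/da0s1b /anoncvstmp mfs rw,-s=786432,-b=4096,-f=512,-i=560,-c=3,-m=0,nosuid,nodev 0 0
EOF
}

# Hypothetical helper: reads fstab text on stdin, prints one line per
# offending entry as "<line no>: <device> on <mountpoint>: remove X -> <rest>".
# Options are compared as whole comma-separated tokens, so "nosuid" or
# "-m=0" never match; comment lines and lines with fewer than 4 fields
# are skipped.
check_fstab_dev_opts() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }
        {
            n = split($4, opts, ",")
            hit = ""; kept = ""
            for (i = 1; i <= n; i++) {
                if (opts[i] == "dev" || opts[i] == "nodev")
                    hit = hit (hit == "" ? "" : ",") opts[i]
                else
                    kept = kept (kept == "" ? "" : ",") opts[i]
            }
            if (hit == "") next
            if (kept == "") kept = "(no options left)"
            printf "%d: %s on %s: remove %s -> %s\n", NR, $1, $2, hit, kept
        }
    '
}

# Stand-alone run on the sample; on a host: check_fstab_dev_opts < /etc/fstab
sample_fstab | check_fstab_dev_opts
```

Empty output means no entry needs editing before the upgrade to FreeBSD 7.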