From: Christoph Kukulies
Date: Tue, 13 Nov 2001 09:31:44 +0100 (CET)
Message-Id: <200111130831.fAD8Vik70191@gilberto.physik.rwth-aachen.de>
To: freebsd-security@freebsd.org
Subject: nosuid, suidperl

When mounting a CD or other removable media, mounting it noexec,nosuid
should prevent suid programs from running and compromising the system.

The mount(8) manpage says:

    nosuid  Do not allow set-user-identifier or set-group-identifier bits
            to take effect. Note: this option is worthless if a public
            available suid or sgid wrapper like suidperl(1) is installed
            on your system.

How far does this compromise security? What can one do about it?
(having suidperl in the system and having security)

--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
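
The mount(8) note quoted in the message above, turned into a defender's check (an added example, not part of the original post): it lists mount points that lack `nosuid` and looks for a set-id suidperl wrapper of the kind the manpage warns about. The function names, the `sperl*` name pattern and the FreeBSD-style sample mount output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style mount(8) output (not from the post).
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/acd0c on /cdrom (cd9660, local, noexec, nosuid, read-only)
/dev/fd0 on /floppy (msdos, local)'

# Print every mount point whose option list lacks option $1.
# Reads lines of the form "<dev> on <mountpoint> (<opt>, <opt>, ...)".
mounts_missing_opt() {
    opt=$1
    while IFS= read -r line; do
        # Skip anything that is not a mount line with an option list.
        case $line in *" on "*"("*")"*) ;; *) continue ;; esac
        mp=${line#* on }        # drop "<dev> on "
        mp=${mp%% \(*}          # drop " (<options>)"
        opts=${line##*\(}       # keep text after the last "("
        opts=${opts%\)*}        # drop the closing ")"
        # Normalise "a, b, c" to ",a,b,c," so "suid" never matches "nosuid".
        norm=",$(printf '%s' "$opts" | tr -d ' '),"
        case $norm in *",$opt,"*) ;; *) printf '%s\n' "$mp" ;; esac
    done
}

# List set-user-ID or set-group-ID files under the given directories whose
# names look like the suidperl wrapper (suidperl*, sperl*; assumed patterns).
suid_perl_wrappers() {
    find "$@" -type f \( -name 'suidperl*' -o -name 'sperl*' \) \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Demo on the constructed sample: mount points mounted without nosuid.
printf '%s\n' "$SAMPLE_MOUNTS" | mounts_missing_opt nosuid
```

On a live system, feed it `mount | mounts_missing_opt nosuid` and run `suid_perl_wrappers` over the directories where perl is installed; any hit from the second function means the `nosuid` mounts fall under the manpage's caveat.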