Date: Sun, 22 Sep 2002 01:23:07 -0700 (PDT)
From: Don Lewis <dl-freebsd@catspoiler.org>
To: brett@lariat.org
Cc: Phil@Kernick.org, anarcat@anarcat.ath.cx, freebsd-stable@FreeBSD.ORG
Subject: Re: Suggested modification to default install
Message-ID: <200209220823.g8M8N7mY008228@gw.catspoiler.org>
In-Reply-To: <4.3.2.7.2.20020921224956.027c1850@localhost>
On 21 Sep, Brett Glass wrote:

> Well, kinda sorta. Another way to look at it is that if BIND is sandboxed
> (which it should be!) its home directory should be in the same
> partition as the other home directories: /usr.

By default, the FreeBSD adduser script puts home directories under /home. When I set up a multi-user system, I prefer to mount the filesystem containing user home directories (and any filesystems containing publicly writable directories) nosuid. This would not work well if users' home directories reside on the /usr filesystem.

Also, if users have write access to any filesystems containing suid programs, they can effectively make their own copies of the program using the ln command. If a bug is later discovered in one of these suid programs and the official copy is removed and replaced, the buggy version could still be linked under someone's home directory. While we've got scripts that are run from cron that can detect this, I prefer to prevent the problem in the first place through proper system configuration.

I'm not terribly enthusiastic about putting dynamic data under /usr/local. When I set up a cluster of machines, I often populate /usr/local on one machine and share it with the remainder via NFS.

Unsandboxed, the static BIND configuration files should probably live in /etc and the dynamic zone files (and the default directory, which will receive any core dumps) should probably live under /var. I think it should be possible to set up a functional (but painful to reconfigure) system with / and /usr mounted read-only.

My preferred way of building a sandbox is to populate it using something like nullfs so that each of its subdirectories is mounted with the appropriate options.
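The two checks the message describes, a nosuid mount on the home filesystem and a cron-style sweep for setuid binaries that have acquired a second hard link, as an added POSIX shell example. This is not code from the thread or from the FreeBSD base system; the fstab field layout, the `--demo` flag, and the sample paths are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread. Two defensive checks:
#  1. check_nosuid: confirm an fstab entry for a mount point carries "nosuid".
#  2. find_multilinked_suid: list setuid/setgid regular files with more than
#     one hard link, i.e. files that may keep living under another name after
#     the official copy is removed and replaced.

# check_nosuid FSTAB MOUNTPOINT
# Exit 0 if FSTAB has an uncommented entry whose mount point (field 2) equals
# MOUNTPOINT and whose option list (field 4, comma separated) contains
# "nosuid"; exit 1 otherwise. A missing entry counts as a failure.
check_nosuid() {
    awk -v mp="$2" '
        $1 ~ /^#/ { next }
        $2 == mp {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "nosuid") ok = 1
        }
        END { if (found && ok) exit 0; exit 1 }
    ' "$1"
}

# find_multilinked_suid DIR...
# Print every setuid or setgid regular file under the given directories that
# has a link count greater than one. -xdev keeps the walk on one filesystem,
# which matches how such a sweep would be run per mounted filesystem from cron.
find_multilinked_suid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 -print
}

# Self-contained demonstration on constructed data (run with: sh script.sh --demo).
if [ "${1:-}" = "--demo" ]; then
    T=$(mktemp -d)
    cat > "$T/fstab" <<'EOF'
# constructed fstab for the demo; device names are placeholders
/dev/ad0s1a /     ufs rw        1 1
/dev/ad0s1e /home ufs rw,nosuid 2 2
/dev/ad0s1f /usr  ufs rw        2 2
EOF
    for mp in /home /usr; do
        if check_nosuid "$T/fstab" "$mp"; then
            echo "$mp: mounted nosuid"
        else
            echo "$mp: NOT mounted nosuid"
        fi
    done

    # A constructed setuid "binary" and a user-created hard link to it.
    mkdir "$T/bin" "$T/home"
    printf 'placeholder' > "$T/bin/tool"
    chmod 4755 "$T/bin/tool"
    ln "$T/bin/tool" "$T/home/tool_copy"
    echo "setuid files with more than one link:"
    find_multilinked_suid "$T"
    rm -rf "$T"
fi
```

Both names of a multiply-linked file are reported, because the link count is a property of the inode rather than of either path; the sweep therefore shows where the extra copy lives, not only that one exists.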