Date:      13 Feb 2006 10:21:47 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        Alex Renn <ray@TXnet.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Re[2]: CD installation and file flags
Message-ID:  <44slqnl1x0.fsf@be-well.ilk.org>
In-Reply-To: <597571270.20060212133505@TXnet.com>
References:  <358523811.20060209192506@TXnet.com> <44y80jyreb.fsf@be-well.ilk.org> <597571270.20060212133505@TXnet.com>

Alex Renn <ray@TXnet.com> writes:

> Hello Lowell Gilbert!

Hello!

[Don't top-post, please.]

> SUID/SGID files in my default installation do not have any flags set:
> 
> $ uname -a
> FreeBSD  6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005     root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC  i386
> $ ls -alo `which su`
> -r-sr-xr-x  1 root  wheel  - 11992 Nov  3 08:11 /usr/bin/su
> 
> That's why I'm asking about this.
> I think there should be some flags set by default.

Hmm, yes.  The distribution tar files don't seem to have flags set.
The tar documentation claims that it can handle file flags, but
I've never tried it (the GNU tar, which FreeBSD used until fairly
recently, does not).  From a quick look, the missing flags seem to
be an artifact of the packaging process.  Sorry about missing that
earlier; flags are set on suid files by the source build/install
process, and I haven't done a new install in a long time.

If you source-upgrade the system, you'll get the flags set.
However, if you are interested in this as a security measure, I
recommend setting up your own mtree(1) specification to set the
flags that *you* want.  That will also allow you to use that same
specification to check that the flags have remained the way you
want them set.

Good luck.
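
The verification step recommended above, sketched as an added example that is not part of the original e-mail and does not use mtree(1): a shell function that reads `ls -lo` output in the format quoted in this thread and lists set-id files lacking a given flag. The function names are hypothetical, and every sample line except the `/usr/bin/su` one is constructed.

```shell
#!/bin/sh
# Added example: audit `ls -lo` output for SUID/SGID files that lack a flag.
# FreeBSD `ls -lo` columns: mode links owner group flags size month day time path

# Read `ls -lo` lines on stdin; print the path of each set-id regular file
# whose flags column does not contain the wanted flag (default: schg).
suid_missing_flag() {
    want="${1:-schg}"
    awk -v want="$want" '
        # Regular files with s/S in the owner- or group-execute position.
        $1 ~ /^-/ && (substr($1, 4, 1) ~ /[sS]/ || substr($1, 7, 1) ~ /[sS]/) {
            # The flags column is a comma-separated list, or "-" when empty.
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == want) found = 1
            if (!found) {
                # The path starts at field 10; rejoin it if it had spaces.
                path = $10
                for (i = 11; i <= NF; i++) path = path " " $i
                print path
            }
        }'
}

# Sample listing: first line is from the thread, the rest are constructed.
sample_listing() {
    cat <<'EOF'
-r-sr-xr-x  1 root  wheel  - 11992 Nov  3 08:11 /usr/bin/su
-r-sr-xr-x  1 root  wheel  schg 21000 Nov  3 08:11 /usr/bin/passwd
-r-xr-sr-x  1 root  kmem  uarch,schg 9000 Nov  3 08:11 /usr/bin/netstat
-r-xr-xr-x  1 root  wheel  schg 30000 Nov  3 08:11 /sbin/init
-r-xr-sr-x  1 root  tty  - 8000 Nov  3 08:11 /usr/bin/write
EOF
}

# Stand-alone run over the sample data.
sample_listing | suid_missing_flag

# On a live system (assumed invocation), feed it real output instead:
#   find /usr/bin /usr/sbin -type f \( -perm -4000 -o -perm -2000 \) \
#       -exec ls -lo {} + | suid_missing_flag schg
```
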