Date: Thu, 13 Jan 2005 10:49:14 -0800 (PST)
From: Don Lewis <truckman@FreeBSD.org>
To: ceri@submonkey.net
Cc: src-committers@FreeBSD.org
Subject: Re: cvs commit: src/etc/periodic/security 100.chksetuid
Message-ID: <200501131849.j0DInEEE029957@gw.catspoiler.org>
In-Reply-To: <20050113153228.GG49329@submonkey.net>

On 13 Jan, Ceri Davies wrote:
> On Thu, Jan 13, 2005 at 06:28:26PM +0300, Gleb Smirnoff wrote:
>> On Thu, Jan 13, 2005 at 03:24:30PM +0000, Ceri Davies wrote:
>> C> Umm, why not? If setuid binaries appear anywhere on my system then I'd
>> C> like to continue to be told so that I can be confident of where they
>> C> came from. I don't care if they pose an immediate threat or not.
>>
>> In this case "grep -v nosuid" must be removed, too, to be consistent.
>>
>> P.S. We have "grep -v nosuid" from the very beginning.
>
> Hmm. I retract my objection then, whilst retaining my reservations.

I did something like this locally way back in the 2.1.x days. Running
suid checks on the news spool, the squid cache, the CD-ROM changer
(causing it to sometimes lock up), and a bunch of NFS clients
simultaneously doing suid checks on the same NFS server got to be a
drag.