James Carlson writes:
> Mike Williams writes:
> > IHAC that is having to answer to their computer security group regarding
> > the use of "suid" files in Solaris 10.
> > Seems they are asking if "suid" can be removed from the various Solaris
> > files systems to remove what they think may be a potential security
> > risk. They also noticed that the use of the Veritas File System (VxFS)
> > does the same (output below)
>
> Files or file systems?

It occurs to me that the customer's question might be simpler than I'm making out. It could just be:

"Why is the default mount option 'suid' rather than 'nosuid' or at least 'nosetuid'?"

Leaving aside the question of device nodes, the simple answer is "compatibility." We couldn't change the default mount options without substantially and subtly damaging our compatibility story. Upgrade should not cause the system to break existing applications without substantial justification, warning, and a transition plan in place.

"Sun doesn't do that."

--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677