On Fri, Jan 04, 2008 at 06:40:33PM -0800, Alan Coopersmith wrote:
> ody wrote:
> > I remedied this by creating a symlink from /tmp/SUNWut/dev ->
> > /var/tmp/dev. Also talking to our Admin about how much security
> > nosuid actually provides /tmp.
>
> What about changing nosuid to nosetuid on /tmp so you still block
> setuid-apps, but not devices?

Devices on a user-writable filesystem are a security risk too. Root has
to be involved in both cases, of course. Setuid applications or devices
are the mechanism, not the original security breach. You have to weigh
the risk, of course. We omit `nosuid' on Sun Ray servers since there
are fewer of them.

--
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
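
An added example, not part of the original thread: a small audit of which user-writable mount points block setuid execution, device nodes, or both, for weighing the trade-off discussed above. It assumes the Solaris option names `nosuid`, `nosetuid` and `nodevices` (the last is not mentioned in the thread), with `nosuid` covering both, and mnttab-style input lines; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a mount's options treat setuid binaries and
# device nodes. Option names are the Solaris ones (assumption: nosuid is
# equivalent to nosetuid plus nodevices).

# classify_opts OPTIONS
# Prints "setuid=<blocked|allowed> devices=<blocked|allowed>".
classify_opts() {
    _setuid=allowed
    _devices=allowed
    _old_ifs=$IFS
    IFS=,
    for _opt in $1; do
        case $_opt in
            nosuid)    _setuid=blocked; _devices=blocked ;;  # blocks both
            nosetuid)  _setuid=blocked ;;                    # setuid only
            nodevices) _devices=blocked ;;                   # devices only
        esac
    done
    IFS=$_old_ifs
    echo "setuid=$_setuid devices=$_devices"
}

# audit_mnttab: read mnttab-style lines on stdin (special, mount point,
# fstype, options, time) and report the user-writable mount points.
audit_mnttab() {
    while read -r _special _mnt _fstype _opts _time; do
        case $_mnt in
            /tmp|/var/tmp) echo "$_mnt $(classify_opts "$_opts")" ;;
        esac
    done
}

# Constructed sample input, not taken from a real server.
sample_mnttab() {
    cat <<'EOF'
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles 1199500000
swap /tmp tmpfs xattr,nosetuid 1199500000
/dev/dsk/c0t0d0s5 /var/tmp ufs rw,nosuid 1199500000
EOF
}

sample_mnttab | audit_mnttab
```

On a live system the input would come from the mount table instead of `sample_mnttab`; a line reporting `devices=allowed` on a user-writable filesystem is the case the reply above calls a risk.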
