Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!jfc
From: jfc@athena.mit.edu (John F Carr)
Newsgroups: comp.unix.wizards
Subject: Re: Getting rid of the root account
Message-ID: <12148@bloom-beacon.MIT.EDU>
Date: 22 Jun 89 15:37:18 GMT
References: <127@orchid.warwick.ac.uk> <16659@rpp386.Dallas.TX.US> <4499@ficc.uu.net> <1566@mcgill-vision.UUCP>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: jfc@athena.mit.edu (John F Carr)
Organization: Massachusetts Institute of Technology
Lines: 13

In article <1566@mcgill-vision.UUCP> mouse@mcgill-vision.UUCP (der Mouse) writes:

[on allowing non-root to run mount]

>Ever hear of "nosuid"?  

Before allowing mount access to someone, make sure that all your system
directories are opened by some process (so you can't mount over them).
Otherwise you may find somebody else's /etc mounted over your own (for
example), at which point nosuid is no longer effective (there are a number
of less obvious directories, depending on your system).

    --John Carr (jfc@athena.mit.edu)