Hi Todd,

Todd C. Miller wrote on Sun, Sep 13, 2020 at 03:13:04PM -0600:
> On Sun, 13 Sep 2020 09:17:02 -0000, Rupert Gallagher wrote:

>> Since /usr/libexec/security runs blindly on every attached storage
>> media, it also runs on mounted tape and backup data volumes.

> It might be best to only check file systems listed in /etc/fstab
> that don't have noauto in the options field.

I'm not convinced about that. Filesystems that are not automatically
mounted can serve a wide range of purposes. Some may still be mounted
often, maybe even most of the time, depending on what they are used for.
Some such file systems may permit SUID and/or device files, so not
checking them may be a dubious idea.

I don't think the OP raised an actual problem. There are already two
solutions for it.

First, a backup file system should usually be mounted, populated, and
unmounted quickly rather than remaining mounted all the time, to
minimize the risk of damage to the backup. Of course you do *not* run
the backup at the same time as daily(8), or even if you run the backup
from daily.local(8), then you don't run it in parallel to security(8),
so there usually isn't any problem in the first place.

Even if, for some weird reason, you want to keep the backup mounted all
the time, there is still no problem. On some such machines, checking it
regularly for dangerous files might even be useful. In cases where that
is not useful, and more so if it causes problems of some kind, just use
SUIDSKIP as documented in security(8).

Only a human can decide which file systems should usefully be checked;
I don't think there is a reasonable way to guess from fstab(5) or in
some other automated way.

To summarize, I don't see why we should change the code.

Yours,
  Ingo

