> On Sep 14, 2020, at 8:11 AM, Ingo Schwarze <[email protected]> wrote:
>
> Hi Brian,
>
> Brian Brombacher wrote on Mon, Sep 14, 2020 at 07:55:11AM -0400:
>
>> Love the idea; however, the only drawback is if some Bad Person
>> is twiddling around and leaves a suid or dev around on a file system
>> that is nosuid or nodev, you lose visibility.
>
> Doesn't look like a problem to me; that such bits and files are
> ignored on file systems with these mount options is the whole point
> of these options. So AFAICT, such files are not special in such
> places and hence visibility is not really useful.
>
>> Maybe an option to always scan regardless of fs options?
>
> I dislike options unless there is a really strong need for them.
> Why would you want to be notified about SUID files on a nosuid
> file system? What would you want to do about them, and why?
>
I guess I was looking at it from the perspective of defense against attackers.
If some lazy hacker left a file lying around, or they exploited something and
were able to create such files but couldn’t take advantage, the visibility
would be helpful.
It’s early and my coffee probably hasn’t kicked in ;)
> Yours,
> Ingo
>
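The visibility Brian asks for can be had without adding an option to the scanner itself. The script below is an added example, not code from the thread or from any OpenBSD tool: it parses mount(8)-style lines ("device on /mnt type fs (opts)") to find file systems mounted nosuid or nodev, then lists the set-id files and device nodes on them, i.e. exactly the files that a scanner honouring those mount options would skip. The awk parsing and the function names are assumptions of this example; the mount lines in the usage note are constructed.

```shell
#!/bin/sh
# Added example (not part of the original thread): report set-id files and
# device nodes that sit on file systems mounted nosuid/nodev, the files a
# scanner that honours those mount options would leave out of its report.

# Print "mountpoint option" pairs for every mount whose option list contains
# nosuid or nodev. Reads mount(8)-style lines ("dev on /mnt type fs (opts)")
# from stdin so it can be fed live `mount` output or a saved copy of it.
# Both the BSD "(local, nodev, nosuid)" and Linux "(rw,nosuid,nodev)"
# spellings are handled by stripping whitespace before splitting on commas.
flagged_mounts() {
    awk '
        /\(.*\)/ {
            opts = $0
            sub(/.*\(/, "", opts)          # keep text after the last "("
            sub(/\).*/, "", opts)          # drop ")" and anything after it
            gsub(/[ \t]/, "", opts)        # "local, nodev" -> "local,nodev"
            # the mount point is the word following "on"
            for (i = 1; i < NF; i++) if ($i == "on") mp = $(i + 1)
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] == "nosuid" || o[j] == "nodev") print mp, o[j]
        }'
}

# Set-uid or set-gid regular files under one mount point (-xdev stays on
# that file system, so nested mounts are reported under their own entry).
find_setid() {
    find "$1" -xdev \( -type f -perm -4000 -o -type f -perm -2000 \) 2>/dev/null
}

# Block and character device nodes under one mount point.
find_devs() {
    find "$1" -xdev \( -type b -o -type c \) 2>/dev/null
}

# Full scan: for each flagged mount, print the files the option neutralises,
# prefixed with the option and mount point so the report is self-explanatory.
scan_flagged() {
    flagged_mounts | while read -r mp opt; do
        case $opt in
            nosuid) find_setid "$mp" | sed "s|^|nosuid $mp: |" ;;
            nodev)  find_devs  "$mp" | sed "s|^|nodev $mp: |" ;;
        esac
    done
}

# Live usage (run as root to see every directory):
#   mount | scan_flagged
```

Fed constructed lines such as `/dev/sd0d on /tmp type ffs (local, nodev, nosuid)`, `flagged_mounts` prints `/tmp nodev` and `/tmp nosuid`, and `scan_flagged` then walks `/tmp` for the corresponding files. Because the options are read from the live mount table rather than from fstab, a file system remounted without nosuid between runs is simply no longer reported, which matches Ingo's point that such files are only interesting where the kernel actually ignores the bits.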