Gentoo's Bugzilla – Attachment 19138 Details for
Bug 30979
Fix BIND comment and some other small updates.
[patch]
Fix for bug.
gentoo-security-1.21-fix.diff (text/plain), 4.22 KB, created by
Sune Kloppenborg Jeppesen
on 2003-10-12 11:16:46 UTC
>--- gentoo-security-1.21.xml 2003-10-12 20:11:36.000000000 +0200 >+++ gentoo-security-1.21-fix.xml 2003-10-12 20:11:27.000000000 +0200 >@@ -757,14 +757,14 @@ > /dev/cdroms /cdrom0 /mnt/cdrom iso9660 noauto,ro 0 0 > proc /proc proc defaults 0 0 > </pre> >-<warn>Placing <path>/tmp</path> in noexec mode can prevent certain scripts from executing properly</warn> >-<note>Disk quotas is described in another chapter</note> >+<warn>Placing <path>/tmp</path> in <c>noexec</c> mode can prevent certain scripts from executing properly</warn> >+<note>For quotas see <uri link="#doc_chap6_sect3">Quotas section</uri>.</note> > > <note> > I do not set <path>/var</path> to <c>noexec</c> or <c>nosuid</c> even if files normally are never executed from this mount point. The reason for this is that qmail is installed in <path>/var/qmail</path> and must be allowed to execute and access one SUID file. I setup <path>/usr</path> in read-only mode since I never write anything there unless I want to update Gentoo. Then I remount the file system in read-write mode, update and remount again. > </note> > >-<note>Even if you do not use qmail, Gentoo still needs the executable bit set on <path>/var/tmp</path> since ebuilds are made here. But an alternative path can be setup if you insists on having <path>/var</path> in noexec mode. >+<note>Even if you do not use qmail, Gentoo still needs the executable bit set on <path>/var/tmp</path> since ebuilds are made here. But an alternative path can be setup if you insists on having <path>/var</path> in <c>noexec</c> mode. > </note> > > </body> >@@ -827,7 +827,7 @@ > <body> > > <warn> >-Make sure the file systems you are working with support quotas. ReiserFS is not one of them! >+Make sure the file systems you are working with support quotas and <c>reiserfs</c> is not one of them. > </warn> > > <p> 
>@@ -1000,7 +1000,7 @@ > <body> > > <p> >-Files with the SUID or SGID bit set allows the files to execute with privileges of the <e>owning</e> user or group and not the user executing the file. Normally these bits are used on files that must run as root in order to do what they do. These files can lead to local root compromise (if they contain security holes). This is dangerous and files with the SUID or SGID bits set should be avoided at any cost. If you do not use the files use <c>chmod 0</c> on them or unmerge the package they came from (check which package they belong to by using <c>qpkg -f</c>). If you do not already have it installed simply <c>emerge gentoolkit</c> it). Otherwise just turn the SUID bit off with <c>chmod -s</c>. >+Files with the SUID or SGID bit set allows the files to execute with privileges of the <e>owning</e> user or group and not the user executing the file. Normally these bits are used on files that must run as root in order to do what they do. These files can lead to local root compromise (if they contain security holes). This is dangerous and files with the SUID or SGID bits set should be avoided at any cost. If you do not use the files use <c>chmod 0</c> on them or unmerge the package they came from (check which package they belong to by using <c>qpkg -f</c>). If you do not already have it installed simply type <c>emerge gentoolkit</c>). Otherwise just turn the SUID bit off with <c>chmod -s</c>. > </p> > > <pre caption="Finding setuid files"> >@@ -1656,7 +1656,7 @@ > </warn> > > <p> >-One can find documentation at <uri>http://www.pureftpd.org</uri> >+One can find documentation at <uri>http://www.pureftpd.org</uri>. > </p> > > </body> 
>@@ -1818,6 +1818,12 @@ > <impo> > Bind is known for its lousy security history and that should not be taken lightly. As with any other service it should <e>never</e> run as root so please do not change the default configuration for this service. > </impo> >+<p> >+One can find documentation at the <uri link="http://www.isc.org/products/BIND/bind9.html">Internet Software Consortium</uri> the BIND 9 Administrator Reference Manual is also in the <path>doc/arm</path>. >+</p> >+ >+</body> >+</section> > > <comment> > <p> >@@ -1896,12 +1902,6 @@ > </note> > </comment> > >-<p> >-One can find documentation at the <uri link="http://www.isc.org/products/BIND/bind9.html">Internet Software Consortium</uri> the BIND 9 Administrator Reference Manual is also in the <path>doc/arm</path>. >-</p> >- >-</body> >-</section> > > <section> > <title>Djbdns</title>
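Review bot: The replacement quotas note in the @@ -757 hunk links to `#doc_chap6_sect3`, an anchor that encodes chapter and section position, so the link will silently point at the wrong place once a chapter or section is inserted or reordered ahead of it. Please confirm it resolves to the Quotas section in the rendered guide. The last changed line of the same hunk is already being touched for the `<c>noexec</c>` markup, so "can be setup if you insists" could become "can be set up if you insist" in the same pass.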
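Review bot: The reworded warning in the @@ -827 hunk joins two statements with "and", so "support quotas and <c>reiserfs</c> is not one of them" no longer reads clearly as "reiserfs lacks quota support". Suggest keeping it as two sentences, for example "Make sure the file systems you are working with support quotas. <c>reiserfs</c> is not one of them.", so the warning keeps the force of the line it replaces.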
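Review bot: The rewritten paragraph in the @@ -1000 hunk still has an unbalanced parenthesis: the opening "(" is closed right after `<c>qpkg -f</c>`, so the ")" kept after `<c>emerge gentoolkit</c>` has no partner. Either drop that ")" or move the gentoolkit sentence inside the parenthetical. Since the whole line is replaced anyway, "Files ... allows" should be "allow", and the closing advice says `chmod -s` turns off "the SUID bit" while the paragraph covers both SUID and SGID; it would help to say that `chmod -s` clears both.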
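Review bot: The paragraph added in the @@ -1818 hunk is moved verbatim and keeps its run-on: the text after `</uri>` ("the BIND 9 Administrator Reference Manual is also in the <path>doc/arm</path>") starts a new sentence without a break, and "in the <path>doc/arm</path>" is missing a noun such as "directory" and does not say what the relative path is relative to. Since this is the documentation pointer for a service the preceding `<impo>` flags for its security history, it is worth making the sentence unambiguous while it is being moved.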
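Review bot: With `</body>` and `</section>` removed in the @@ -1896 hunk and re-added above the `<comment>` block in the @@ -1818 hunk, the `<comment>` element now sits between `</section>` and the following `<section>` for Djbdns instead of inside a section body. Please confirm that placement is accepted by the guide format and that the file still validates. The removal also leaves two consecutive blank lines before `<section>`; one of them can go.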