diff options
-rw-r--r-- | lib/libc/sys/mount.2 | 5 | ||||
-rw-r--r-- | lib/libc/sys/statfs.2 | 4 | ||||
-rw-r--r-- | share/man/man7/security.7 | 10 | ||||
-rw-r--r-- | share/man/man9/vfs_mount.9 | 4 |
4 files changed, 8 insertions, 15 deletions
diff --git a/lib/libc/sys/mount.2 b/lib/libc/sys/mount.2 index 844c1fe..af0ff70 100644 --- a/lib/libc/sys/mount.2 +++ b/lib/libc/sys/mount.2 @@ -32,7 +32,7 @@ .\" @(#)mount.2 8.3 (Berkeley) 5/24/95 .\" $FreeBSD$ .\" -.Dd August 13, 2004 +.Dd November 26, 2004 .Dt MOUNT 2 .Os .Sh NAME @@ -130,9 +130,6 @@ Do not honor setuid or setgid bits on files when executing them. This flag is set automatically when the caller is not the super-user. .It Dv MNT_NOATIME Disable update of file access times. -.It Dv MNT_NODEV -Do not interpret special files on the file system. -This flag is set automatically when the caller is not the super-user. .It Dv MNT_SNAPSHOT Create a snapshot of the file system. This is currently only supported on UFS2 file systems, see diff --git a/lib/libc/sys/statfs.2 b/lib/libc/sys/statfs.2 index 0a98ba7..18736ab 100644 --- a/lib/libc/sys/statfs.2 +++ b/lib/libc/sys/statfs.2 @@ -32,7 +32,7 @@ .\" @(#)statfs.2 8.5 (Berkeley) 5/24/95 .\" $FreeBSD$ .\" -.Dd November 16, 2003 +.Dd November 26, 2004 .Dt STATFS 2 .Os .Sh NAME @@ -108,8 +108,6 @@ Even the super-user may not write on it. Files may not be executed from the file system. .It Dv MNT_NOSUID Setuid and setgid bits on files are not honored when they are executed. -.It Dv MNT_NODEV -Special files in the file system may not be opened. .It Dv MNT_SYNCHRONOUS All I/O to the file system is done synchronously. .It Dv MNT_ASYNC diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index d44d9dd..1af2bcb 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 18, 1999 +.Dd November 29, 2004 .Dt SECURITY 7 .Os .Sh NAME @@ -630,16 +630,14 @@ and so forth, files that might fall outside the purview of the MD5 check. If you have a huge amount of user disk space it may take too long to run through every file on those partitions. In this case, setting mount -flags to disallow SUID binaries and devices on those partitions is a good +flags to disallow SUID binaries on those partitions is a good idea. The -.Cm nodev -and .Cm nosuid -options +option (see .Xr mount 8 ) -are what you want to look into. +is what you want to look into. I would scan them anyway at least once a week, since the object of this layer is to detect a break-in whether or not the break-in is effective. diff --git a/share/man/man9/vfs_mount.9 b/share/man/man9/vfs_mount.9 index 83a7279..b64698c 100644 --- a/share/man/man9/vfs_mount.9 +++ b/share/man/man9/vfs_mount.9 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 8, 2001 +.Dd November 26, 2004 .Dt VFS_MOUNT 9 .Os .Sh NAME @@ -70,7 +70,7 @@ See .Xr mount 2 for details. .Pp -.Dv MNT_EXPORTED , MNT_NOSUID , MNT_NODEV , MNT_UPDATE , MNT_RELOAD , +.Dv MNT_EXPORTED , MNT_NOSUID , MNT_UPDATE , MNT_RELOAD , .Dv MNT_FORCE , MNT_ASYNC , MNT_SYNCHRONOUS , MNT_UNION , MNT_NOATIME , .Dv MNT_SNAPSHOT , MNT_NOCLUSTERR , MNT_NOCLUSTERW , MNT_IGNORE , .Dv MNT_UNION , MNT_NOSYMFOLLOW |