From bminard@flatfoot.ca  Sat May 31 18:54:32 2003
Message-Id: <200306010151.h511p3MG001650@spud.flatfoot.ca>
Date: Sat, 31 May 2003 21:51:03 -0400 (EDT)
From: Brian Minard <bminard@flatfoot.ca>
Reply-To: Brian Minard <bminard@flatfoot.ca>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] Installing FreeBSD: Benefits of multiple filesystems
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         52829
>Category:       docs
>Synopsis:       [PATCH] Installing FreeBSD: Benefits of multiple filesystems
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ceri
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 31 19:00:29 PDT 2003
>Closed-Date:    Sat Jun 07 08:55:16 PDT 2003
>Last-Modified:  Sat Jun 07 08:55:16 PDT 2003
>Originator:     Brian Minard
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
>Environment:
System: FreeBSD spud.flatfoot.ca 4.8-STABLE FreeBSD 4.8-STABLE #0: Mon May 19 21:28:08 EDT 2003 root@spud.flatfoot.ca:/usr/obj/usr/src/sys/SPUD i386


>Description:
	The installation chapter lists several benefits for creating multiple
	filesystems.  An important consideration which might not be apparent
	to new users until after they complete the installation is that you
	cannot mount user-writable file systems nosuid if you don't put them
	in a separate filesystem.  This is worth emphasizing, as security(7)
	makes this recommendation.
>How-To-Repeat:
	Follow the installation instructions for allocating disk space--they
	are (strongly) biased towards leading users to create /home under /usr.
>Fix:
--- chapter.sgml.orig	Sat May 31 12:30:21 2003
+++ chapter.sgml	Sat May 31 21:43:40 2003
@@ -1747,7 +1747,13 @@
 	  <para>Different filesystems can have different <firstterm>mount
 	      options</firstterm>.  For example, with careful planning, the
 	    root filesystem can be mounted read-only, making it impossible for
-	    you to inadvertently delete or edit a critical file.</para>
+	    you to inadvertently delete or edit a critical file.  As well,
+	    separating the filesystem containing <filename>/home<filename>,
+	    from other filesystems means that user-writable filesystems can be
+	    mounted <firstterm>nosuid</firstterm>.  This will prevent the
+	    <firstterm>suid/guid<firstterm> bits on executables stored in
+	    <filename>/home</filename> from taking effect, possibly improving
+	    security.</para>
 	</listitem>
 
 	<listitem>
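Review bot: two of the added lines close an element with a second opening tag: `<filename>/home<filename>` and `<firstterm>suid/guid<firstterm>` need `</filename>` and `</firstterm>`. As written, both elements stay open through the closing `</para>`, so the chapter will not validate. Building the document before submitting would have caught this.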
>Release-Note:
>Audit-Trail:

From: Brian Minard <bminard@flatfoot.ca>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: docs/52829: [PATCH] Installing FreeBSD: Benefits of multiple filesystems
Date: Sun, 1 Jun 2003 19:03:53 -0400

 Use this patch instead.  The previous one contains broken tags.
 
 --- chapter.sgml.orig	Sun Jun  1 18:52:09 2003
 +++ chapter.sgml	Sun Jun  1 19:00:13 2003
 @@ -1747,7 +1747,13 @@
  	  <para>Different filesystems can have different <firstterm>mount
  	      options</firstterm>.  For example, with careful planning, the
  	    root filesystem can be mounted read-only, making it impossible for
 -	    you to inadvertently delete or edit a critical file.</para>
 +	    you to inadvertently delete or edit a critical file.  As well,
 +	    separating the filesystem containing <filename>/home</filename>,
 +	    from other filesystems means that user-writable filesystems can be
 +	    mounted <firstterm>nosuid</firstterm>.  This will prevent the
 +	    <firstterm>suid/guid</firstterm> bits on executables stored in
 +	    <filename>/home</filename> from taking effect, possibly improving
 +	    security.</para>
  	</listitem>
  
  	<listitem>
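Review bot: `suid/guid` in the added sentence names the wrong bit. The companion to setuid is setgid (sgid), so write `setuid/setgid` or `suid/sgid`. In the same hunk, drop the comma after `<filename>/home</filename>`, which splits the subject from "from other filesystems". `<firstterm>` is for a term being introduced, so `nosuid` would read better marked up as a mount option, for example `<option>nosuid</option>`. "possibly improving security" could state the effect directly: set-id executables that a user places under /home do not run with the file owner's or group's privileges.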
Responsible-Changed-From-To: freebsd-doc->ceri 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Mon Jun 2 16:30:31 PDT 2003 
Responsible-Changed-Why:  
I'll make sure this gets looked at. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52829 
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Sat Jun 7 08:54:44 PDT 2003 
State-Changed-Why:  
I committed a slightly different version of your text; thanks for the 
submission. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52829 
>Unformatted:
