On Sat, Dec 17, 2005 at 09:18:39PM +0100, Michiel van Baak wrote: > > > /home > > > > An asterisk system typically does not have users and need nt have a > > separate /home > > I disagree here. > You have at least 1 user to remotaly login to the system to > do some work on it. Think config changes etc. > In case of unauthorized access (ppl stole your password or > whatever) you will be glad you have /home on a seperate > partition that is mounted noexec,nosuid,nodev
noexec? What will that give you against a user with a shell acount? [EMAIL PROTECTED]:~/Proj/Debs/Netcat/netcat-1.10$ $ cp /bin/ech /tmp/echonoexec $ chmod 644 /tmp/echonoexec $ ls -l /tmp/echonoexec -rw-r--r-- 1 tzafrir tzafrir 13912 2005-12-17 23:52 /tmp/echonoexec $ /lib/ld-linux.so.2 /tmp/echonoexec it runs! it runs! Not to mention all of the #! executables. Only static executables are "harmed". So what was it that noexec prevented me form doing? -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il | | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | | friend _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
