On May 22, "Karsten M. Self" <[EMAIL PROTECTED]> wrote:

> Reviewing mount options for various real and virtual filesystems, I'm
> wondering if it might be preferable to set the nosuid and possibly
> noexec options for udev (obviously it cannot be made nodev ;-).
This looks like security by obscurity.

> There's a possible concern with mmap() and mprotect() for noexec mounts,
> but restricting the ability to create suid files may be a positive
> security measure.
Can you provide a more compelling argument? Have you tried doing this on
a large number of systems to check if something would break?

-- 
ciao,
Marco
