In message <[EMAIL PROTECTED]>, Ian writes:
>so surely, if nothing needs to be executed, it is better to mount
>noexec?

The thing about noexec is that you can almost always circumvent it. If you have a shell script in /tmp that you want to execute, you can use "sh /tmp/r00tk1t". If you have a binary, "/lib/ld-linux.so.2 /tmp/r00tk1t".

It's a bit like non-executable stacks; right now it will probably break a lot of existing exploits, but for the most part only fairly trivial modifications are needed to make them work again. So it doesn't really buy you any extra security.

p.
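
Added example, not part of the original post: a detection heuristic that flags process command lines where a shell, interpreter or the dynamic loader is handed a file that lives on a noexec mount, which is the pattern the message describes. The mount table, the command lines and the INTERPRETERS list are constructed assumptions for illustration.

```python
import shlex
from pathlib import PurePosixPath

# Constructed sample data (not from the original post).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""
SAMPLE_CMDLINES = [
    "sh /tmp/r00tk1t",
    "/lib/ld-linux.so.2 /tmp/r00tk1t",
    "ls -l /tmp/r00tk1t",
    "sh /usr/local/bin/backup.sh",
]

# Assumption: programs that will run a file passed to them as an argument.
INTERPRETERS = {"sh", "bash", "dash", "perl", "python", "python3"}

def noexec_mounts(mounts_text):
    """Return mount points whose options include noexec (/proc/mounts format)."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and "noexec" in fields[3].split(","):
            points.append(PurePosixPath(fields[1]))
    return points

def on_noexec(path, points):
    """True if an absolute path is a noexec mount point or lies beneath one."""
    p = PurePosixPath(path)
    return p.is_absolute() and any(p == m or m in p.parents for m in points)

def flag_indirect_exec(cmdline, points):
    """True if an interpreter or the loader is given a file on a noexec mount."""
    argv = shlex.split(cmdline)
    if len(argv) < 2:
        return False
    name = PurePosixPath(argv[0]).name
    is_loader = name.startswith("ld-linux") or name.startswith("ld.so")
    if name not in INTERPRETERS and not is_loader:
        return False
    return any(on_noexec(a, points) for a in argv[1:] if not a.startswith("-"))

def scan(cmdlines, mounts_text):
    points = noexec_mounts(mounts_text)
    return [c for c in cmdlines if flag_indirect_exec(c, points)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_CMDLINES, SAMPLE_MOUNTS):
        print("indirect exec from noexec mount:", hit)
```

This is a heuristic over argv only: it also flags a script that merely receives a noexec path as data, so hits need review against the process's actual behaviour.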

