Hi,

On Fri, Jan 16, 2009 at 03:13:10PM -0600, Boyd Stephen Smith Jr. wrote:
> On Friday 2009 January 16 14:45:44 Michael Loftis wrote:

[hardlinking (suid binaries in hope a vulnerability will be found)]

> >you can't do
> >it across drives,
>
> Right, but the default partitioning puts /sbin /usr/sbin etc. on the same
> filesystem as /home and /tmp, exposing the system to these attacks.

just an addition: Often I've seen /home as a separate mount (mounted nosuid,nodev,...) and /tmp as tmpfs, but then we have /var/tmp (which can't be tmpfs, because its purpose is to retain the files even across reboots).

I haven't tried it yet, but could a bind-mount be done (e.g. /var/real-tmp -> /var/tmp) with additional options nosuid,nodev,... (while /var or / is mounted suid,dev,...)?

Greetings,
Mike Dornberger
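
An added example, not part of the original message: a shell audit for the exposure discussed in this thread, reporting which user-writable directories sit on the same mount as a directory of setuid binaries and whether that mount carries nosuid. The mount table is a constructed sample in /proc/mounts format, and the function names `mount_of` and `audit` are illustrative.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_of PATH: read a mounts table on stdin and print "mountpoint options"
# for the longest mount point that is a path prefix of PATH.
mount_of() {
    awk -v p="$1" '
        {
            m = $2
            pre = (m == "/") ? "/" : m "/"
            if (p == m || index(p "/", pre) == 1)
                if (length(m) > best_len) { best_len = length(m); best = m; opts = $4 }
        }
        END { if (best != "") print best, opts }
    '
}

# audit SUID_DIR WRITABLE_DIR...: read a mounts table on stdin, print one line per
# writable directory. EXPOSED means it shares a mount with SUID_DIR, so hard links
# to the binaries there can be created in it (link(2) fails with EXDEV across mounts).
audit() {
    table=$(cat)
    suid_dir=$1; shift
    suid_info=$(printf '%s\n' "$table" | mount_of "$suid_dir")
    suid_mnt=${suid_info%% *}
    for d in "$@"; do
        info=$(printf '%s\n' "$table" | mount_of "$d")
        mnt=${info%% *}
        opts=${info#* }
        if [ "$mnt" = "$suid_mnt" ]; then state=EXPOSED; else state=separate; fi
        case ",$opts," in *,nosuid,*) ns=nosuid ;; *) ns=suid-allowed ;; esac
        echo "$d $state mount=$mnt $ns"
    done
}

# Run against the constructed sample; on a live system use: audit ... < /proc/mounts
sample_mounts | audit /usr/sbin /home /tmp /var/tmp
```

With the sample table, /home and /tmp are reported as separate nosuid mounts, while /var/tmp falls through to / and is reported as EXPOSED.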

