* W B Hacker:
> - ALL? Per OpenBSD practice, the production FreeBSD boxen now mount /var, and
> /<the mailstore> as noexec, nosuid.
>
> I'd call that one an 'ALL' until someone points out what it harms, and WHY
> that critter is allowed to <whatever>...

On a Linux (Debian) box

    # mount --bind /var/spool/exim4 /var/spool/exim4
    # mount -oremount,noexec,nosuid /var/spool/exim4

should make at least the mail store unusable for dropping executables.
Of course, this doesn't help against executing dropped shell scripts
and calling ld.so directly where that is possible.

-Hilko

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
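
Added example, not part of the original message: a shell check that the mount covering the spool directory actually carries noexec and nosuid after the bind mount and remount above. The function names and the sample mount table are constructed for illustration; the check assumes the Linux /proc/self/mounts format and mount points without spaces.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts format
# (device mountpoint fstype options dump pass), for trying the check offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,relatime 0 0
/dev/sda2 /var/spool/exim4 ext4 rw,nosuid,noexec,relatime 0 0
EOF
}

# mount_opts PATH [MOUNTS_FILE]: print the options of the mount covering PATH.
mount_opts() {
    awk -v p="$1" '
        {
            mp = $2
            # Candidate if the mount point is PATH itself or a parent directory.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                # Longest mount point wins; ">=" lets a later entry stacked on
                # the same directory (e.g. a bind mount) override an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/self/mounts}"
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_hardened PATH [MOUNTS_FILE]: return 0 only if noexec and nosuid are set.
check_hardened() {
    opts=$(mount_opts "$1" "$2")
    missing=""
    for o in noexec nosuid; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    if [ -n "$missing" ]; then
        echo "$1: missing$missing (options: $opts)"
        return 1
    fi
    echo "$1: ok (options: $opts)"
}

# Usage on a live system: check_hardened /var/spool/exim4
```

A path that is not itself a mount point is judged by its parent mount, so with the sample table /var/log is reported as missing noexec.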
