Brendan Grossman wrote: > Here is my reason for separating /tmp and mounting it noexec,nosuid: > > http://www.sagonet.com/forums/showthread.php?t=2852
Quoth mount(8): noexec Do not allow execution of any binaries on the mounted file system. This option is useful for a server that has file systems containing binaries for architectures other than its own. Note: This option was not designed as a security feature and no guarantee is made that it will prevent malicious code execution; for example, it is still possible to execute scripts which reside on a noexec mounted partition. Mounting /tmp as noexec causes perfectly good code to gratuitously fail, while providing no real security improvement. Colin Percival FreeBSD Security Officer _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"