On Sunday 16 April 2006 14:19, Colin Percival wrote:
> Brendan Grossman wrote:
> > Here is my reason for separating /tmp and mounting it
> > noexec,nosuid:
> >
> > http://www.sagonet.com/forums/showthread.php?t=2852
>
> Quoth mount(8):
>      noexec  Do not allow execution of any binaries on the
>              mounted file system. This option is useful for a server that has
>              file systems containing binaries for architectures other than its
>              own. Note: This option was not designed as a security feature and no
>              guarantee is made that it will prevent malicious code execution; for
>              example, it is still possible to execute scripts which reside on a
>              noexec mounted partition.
>
> Mounting /tmp as noexec causes perfectly good code to gratuitously
> fail, while providing no real security improvement.

Including weird system or port update failures.

Kent

--
Kent Stewart
Richland, WA

http://www.soyandina.com/ "I am Andean project".
http://users.owt.com/kstewart/index.html
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions