On Sunday 16 April 2006 14:19, Colin Percival wrote:
> Brendan Grossman wrote:
> > Here is my reason for separating /tmp and mounting it
> > noexec,nosuid:
> > http://www.sagonet.com/forums/showthread.php?t=2852
> Quoth mount(8):
> noexec Do not allow execution of any binaries on the
> mounted file system. This option is useful for a server that has
> file systems containing binaries for architectures other than its
> own. Note: This option was not designed as a security feature and no
> guarantee is made that it will prevent malicious code execution; for
> example, it is still possible to execute scripts which reside on a
> noexec mounted partition.
> Mounting /tmp as noexec causes perfectly good code to gratuitously
> fail, while providing no real security improvement.
Including weird system or port update failures.
http://www.soyandina.com/ "I am Andean project".
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"