On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
> Hi,
>
> The local root exploit-of-the-week would have been unable to run if our
> users' systems had /proc mounted with nosuid and/or noexec
>
> It would be worthwhile considering making this a default. What are
> people's thoughts?

I mailed Mike about this very thing a month ago. Pretty sure it should
be showing up in an upcoming baselayout. But yeah it's a good idea for
the nosuid part anyway. Not 100% sure about the noexec part as that
might break upx which calls /proc/self/exe as part of its decompressor
routines.

--
Ned Ludd <[EMAIL PROTECTED]>
Gentoo Linux
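
An audit check for the hardening discussed in this thread, added here as an example and not part of either message: it reads mount entries in `/proc/mounts` format and reports which of the requested options are absent from the mount currently in effect. The function name `missing_opts` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which hardening options a mountpoint lacks.
# Input (stdin) is in /proc/mounts format:
#   device mountpoint fstype options dump pass

# missing_opts MOUNTPOINT "opt1 opt2 ..."   (hypothetical helper name)
# Prints the wanted options that the effective mount of MOUNTPOINT lacks,
# space separated (empty line if none are missing).
# Returns 2 if MOUNTPOINT does not appear in the input at all.
missing_opts() {
    mp=$1 want=$2
    # Several entries can share a mountpoint; the last one listed is the
    # mount on top of the stack, so its options are the ones in effect.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || return 2
    out=
    for w in $want; do
        # Match whole comma-separated options only.
        case ",$opts," in
            *",$w,"*) ;;
            *) out="${out:+$out }$w" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample entries (not from a real system): /proc with default
# options, and the same mount after "mount -o remount,nosuid /proc".
before='proc /proc proc rw,relatime 0 0'
after='proc /proc proc rw,nosuid,relatime 0 0'

# noexec is checked alongside nosuid but may need to stay off on systems
# running upx-packed binaries, per the reply above.
printf 'default mount lacks: %s\n' \
    "$(printf '%s\n' "$before" | missing_opts /proc 'nosuid noexec')"
printf 'after remount lacks: %s\n' \
    "$(printf '%s\n' "$after" | missing_opts /proc 'nosuid noexec')"

# On a live system: missing_opts /proc 'nosuid noexec' < /proc/mounts
```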
