On Saturday 15 July 2006 13:41, Ned Ludd wrote: > On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote: > > The local root exploit-of-the-week would have been unable to run if our > > users systems had /proc mounted with nosuid and/or noexec > > > > It would be worthwhile considering making this a default. What are > > people's thoughts? > > I mailed Mike about this very thing a month ago. Pretty sure it should > be showing up in an upcoming baselayout. But yeah it's a good idea for > the nosuid part anyway. Not 100% sure about the noexec part as that > might break upx which calls /proc/self/exe as part of it's decompresser > routines.
this will be in baselayout-1.12.2+ -mike
pgpmAsZg73PIb.pgp
Description: PGP signature