the problem is they both have valid points. in this,as in nearly all aspects
of unix administration, there is not a single right answer.
-----Original Message-----
From: "Patrick Börjesson"<[EMAIL PROTECTED]>
Sent: 2/17/06 4:15:08 PM
To: "[email protected]"<[email protected]>
Subject: Re: [gentoo-user] How many GB for / partition?
First, I can't really understand why neither of you will fully
explain your reasoning when going against the other. It helps no one.
On 2006-02-17 19:04, Hemmann, Volker Armin uttered these thoughts:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> > Hemmann, Volker Armin wrote:
> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> > >> Hemmann, Volker Armin wrote:
> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> > >> >> Hemmann, Volker Armin wrote:
> > >> >> >
> > >> >> > Why should he make /tmp noexec,
> > >> >>
> > >> >> Security precaution.
> > >> >
> > >> > if you have 10+ users with access to the box. But a workstation,
> > >> > without even sshd running, it is not needed.
Of course, if you have a system with _no_ services running (including
apache, sshd and so on), or a firewall that blocks any and all
incoming connection attempts, then for someone to access /tmp without
having physical access to the system (in which case you're pretty much
screwed anyhow) is, as far as I know, impossible.
This doesn't take into account client-side exploits, because with these
the exploiting code has access to whatever resources the user running
the client has, including writing to whatever areas that the user has.
> > >> "needed" - What's "needed", anyway?
> > >>
> > >> > And hey, why should /tmp noexec save you from anything?
> > >>
> > >> Because it does.
> > >
> > > so? how?
> >
> > Think, you might find out. What does noexec do, hm?
> >
> > Even *you* might find out...
> >
> > Well... If I think about it... No, you're too clueless
> > to find out.
> >
> > Hint 1: "noexec" nowadays makes it impossible to execute
> > programs stored on that filesystem.
>
> I know, but it won't save you from anything.
> After a user got in, he is a user. And every user has a place with write
> permission (if he is user apache/httpd he has lots of places, where he can
> store code). Outside of /tmp.
Where?
[Message truncated. Tap Edit->Mark for Download to get remaining portion.]
--
[email protected] mailing list
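The thread argues about what mounting /tmp with noexec does and does not buy you. As an added example (not code from the thread or from Gentoo), here is a small POSIX sh audit that checks whether directories like /tmp, /var/tmp and /dev/shm are separate mounts carrying noexec, nosuid and nodev, and reports which options are missing. It parses text in /proc/mounts format; the mount table below is a constructed sample so the script runs offline, and the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): audit mount options of scratch
# directories. Input is text in /proc/mounts format
# (device mountpoint fstype options dump pass), one mount per line.

# Constructed sample mount table; on a live system use "$(cat /proc/mounts)".
SAMPLE_MOUNTS='/dev/sda2 / ext3 rw,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda5 /home ext3 rw,noatime,nodev 0 0
/dev/sda6 /var/tmp ext3 rw,nosuid,nodev,noexec 0 0
shm /dev/shm tmpfs rw,nosuid,nodev 0 0'

# mount_options <mounts-text> <mountpoint>
# Prints the comma-separated option string of an exact mountpoint match,
# or nothing if the directory is not a mount point of its own.
mount_options() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# has_option <options> <opt>
# Succeeds if the comma-separated option list contains exactly <opt>
# (the surrounding commas avoid matching "noexec" inside another word).
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mountpoint <mounts-text> <mountpoint>
# Prints one line per directory and returns 0 only when the directory is a
# separate mount with all of noexec, nosuid and nodev set.
audit_mountpoint() {
    opts=$(mount_options "$1" "$2")
    if [ -z "$opts" ]; then
        printf '%s: not a separate mount (inherits options of its parent filesystem)\n' "$2"
        return 1
    fi
    missing=""
    for want in noexec nosuid nodev; do
        has_option "$opts" "$want" || missing="$missing $want"
    done
    if [ -z "$missing" ]; then
        printf '%s: OK (%s)\n' "$2" "$opts"
        return 0
    fi
    printf '%s: missing%s (%s)\n' "$2" "$missing" "$opts"
    return 1
}

# Usage: audit the constructed sample. "|| :" keeps going after a failing
# directory so every line is reported.
for mp in /tmp /var/tmp /dev/shm; do
    audit_mountpoint "$SAMPLE_MOUNTS" "$mp" || :
done
```

Note what the check does and does not cover, which is exactly the point made in the thread: noexec only stops the kernel from running binaries stored on that one filesystem. It says nothing about other directories the same user can write to, so the audit is a check on one mount's options, not a statement that the box is safe.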