A few days ago, I asked how to do it. I stumbled across the answer
whilst browsing Google on an entirely different topic. The answer is to
add the parameters "noexec=on" and "noexec32=on" to the boot line. I've
added it via "append" lines in /etc/lilo.conf
#
# Linux bootable partition config begins
#
image = /boot/kernel-2.6-production
root = /dev/sda1
label = Production
read-only # read-only for checking
append = "noexec=on noexec32=on"
image = /boot/kernel-2.6-experimental
root = /dev/sda1
label = Experimental
read-only # read-only for checking
append = "noexec=on noexec32=on"
#
# Linux bootable partition config ends
#
And now for the unrelated part, and the warning. I was reading up on
GRUB, in case I decide to go 64-bit mode in the near future. Apparently,
GRUB will *NOT* install if noexec/noexec32 are enabled. You have to
turn them off before installing GRUB.
--
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
--
gentoo-user@gentoo.org mailing list
