begin quoting DJA as of Tue, Apr 19, 2005 at 09:29:10AM -0700: [snip] > I just tried mounting /home noexec. The immediate result is that X no > longer runs. So, I expect there's a lot more to it than that. If so, > what's the complete recipe? Good question.
I haven't tried this in years, myself, as it makes it a bit difficult to compile-and-test things. > As for /usr being ro, most Linux installations I've seen don't mount > /usr on its own partition. Are you recommending "chmod a-w /usr"? No. Part of the reason why I'm less vociferous these days when Linmumble is brought up is because many installations are going for the one-partition install, and requiring /usr and /lib on bootup. Things seem to be getting more-and-more integrated these days. I'm not certain it's all that easy to take advantage of mount's options to make a system 'more secure'. It may be that it'll break a lot of software. -Stewart "Oh, goody, something to investigate." Stremler
pgpmkjjZQkNdt.pgp
Description: PGP signature
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
