> Greetings; > > For all practical purposes securing source so that only authorized > people can modify it is for all practical purposes the same as > denying all source to everyone. At least for all the open source > software that you use. > > For the vast majority of things that execute on your system the > same source is freely available to anyone. And they can compile it > using the same compilers and linkers that you do. If they can get > the executable onto your system, then the inconvenience of having > to get the source somewhere else was just that, and a minor one. > > The real problem is to ensure that what gets executed is what > is meant to be executed. And this isn't as easy as it seems. There > are all sorts of clever ways to get a program somewhere in the > /home tree to be executed in place of the "real" one in /usr/bin.
"mount /home -o noexec" stops most of them. It leaves the scripting languages such as perl. You can probably patch them to recognise your filesystem has no executable content. -- Cheers John Summerfield Microsoft's most solid OS: http://www.geocities.com/rcwoolley/ Note: mail delivered to me is deemed to be intended for me, for my disposition.
