On Mon, Oct 24, 2016 at 9:04 AM, Stephen Dowdy <[email protected]> wrote:
> SUMMARY: you could use linux namespaces (see proof-of-concept below) Since i failed to explicitly state WHY using this over 'mount -o remount,exec /tmp', the point would be to NOT enable a potential GLOBAL /tmp trojan/drop attack (the main point behind NOEXEC use on /tmp) even during a short window (where "short" can be as long as like 30 minutes with an iDRAC update) --stephen -- Stephen Dowdy - Systems Administrator - NCAR/RAL 303.497.2869 - [email protected] - http://www.ral.ucar.edu/~sdowdy/
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
