Hi Dave,
On Tue, 18 Mar 2014 13:29:36 -0400
Dave Reisner d...@falconindy.com wrote:
[...]
Moreover noexec is mostly snake-oil, isn't it? You can invoke the
executables with an interpreter still, and you can copy the files
elsewhere...
True for the interpreted code.
And compiled
[Sorry, forgot to CC the mailing list]
Hi Lennart,
On Tue, 18 Mar 2014 02:33:50 +0100
Lennart Poettering lenn...@poettering.net wrote:
On Mon, 17.03.14 19:04, Leonid Isaev (lis...@umail.iu.edu) wrote:
Hi,
Currently, XDG_RUNTIME_DIR=/run/user/UID is mounted with rather
On Mar 18, 2014 12:59 PM, Leonid Isaev lis...@umail.iu.edu wrote:
[Sorry, forgot to CC the mailing list]
Hi Lennart,
On Tue, 18 Mar 2014 02:33:50 +0100
Lennart Poettering lenn...@poettering.net wrote:
On Mon, 17.03.14 19:04, Leonid Isaev (lis...@umail.iu.edu) wrote:
Hi,
On Tue, 18.03.14 12:59, Leonid Isaev (lis...@umail.iu.edu) wrote:
I mean, the XDG_RUNTIME_DIR spec says the dir must be fully-featured by
the standards of the operating system. More specifically, ... proper
permissions ... must be supported. I'd read that as if the x bit should
do what it
On Mar 18, 2014 8:19 PM, Lennart Poettering lenn...@poettering.net
wrote:
…
Well, the ELF interpreter stuff means noexec is pretty much entirely
useless.
If by this you mean running '/lib/ld-linux.so.2' directly, that does not
work with noexec anymore, due to the aforementioned mmap
Hi,
Currently, XDG_RUNTIME_DIR=/run/user/UID is mounted with rather
permissive, hardcoded mount options (or at least I couldn't find a documented
way of changing them). Specifically, a user is allowed to execute things from
his $XDG_RUNTIME_DIR. This effectively negates admin's ability to
On Mon, 17.03.14 19:04, Leonid Isaev (lis...@umail.iu.edu) wrote:
Hi,
Currently, XDG_RUNTIME_DIR=/run/user/UID is mounted with rather
permissive, hardcoded mount options (or at least I couldn't find a documented
way of changing them). Specifically, a user is allowed to execute things