On Sun, 16 May 2004, Joey Hess wrote:
> Mika Bostrom wrote:
> > As marked with '**' above, there are certain issues with partitioning.
> > First, it is not exactly intuitive - the rest of the install is.
> > Secondly, a person doing a relatively secure install will find himself
> > shot on the foot. I chose mount options for /tmp: nodev,nosuid,noexec
> > this was a bad idea.
>
> There is absolutely no security benefit to noexec /tmp whatsoever.

I know. It's trivial to call binaries through /lib/ld-linux.so and scripts via the actual shell. Any kind of attacker would circumvent the flag in about two seconds. What I want to achieve is simply to minimise the possible effects of worms or automated tools that drop their payload in /tmp and run it from there. Paranoid? Yes. Paranoid enough? Possibly not.

> > Trying to do a reinstall: I was happy with the partition layout and
> > wouldn't have wanted to set it again; only wanted to remove the noexec
> > flag from /tmp. This proved to be impossible. The partitioning menu,
> > when faced with existing layout and filesystems, only displays three
> > selections. Editing the partition and its options is not one of them.
>
> Sure it is. Move the cursor to the partition you wish to edit and press
> enter.

Would you believe me that I indeed tried? I might be feeling adventurous tomorrow and do it again. This time I'll have a camera ready to grab interesting shots.

> > There is one final issue with second stage of install. Setting up the
> > packages winds up in an error.
> Do you have the error message?

Yeah, I finally found it. It was a fetch error. Why it occurred on two separate installs and with different packages (and only one for each install) I can not even guess. I'll blame the network.

-- 
 Mika Boström      \ /  "World peace will be achieved
 [EMAIL PROTECTED]  X    when the last man has killed
 Security freak    / \   the second-to-last." -anon?
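For readers who want to see which of the three flags discussed in this thread (nodev, nosuid, noexec) are actually in effect on a system's temporary directories, the following is an added example, not code from the thread or from the Debian installer. It parses text in /proc/mounts format; the sample table and the function names are constructed for illustration, and as the reply above says, noexec only slows down automated droppers rather than a determined attacker.

```python
import re

HARDENING = ("nodev", "nosuid", "noexec")

# Constructed sample in /proc/mounts format (device names are illustrative).
SAMPLE = """\
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
/dev/hda5 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/hda6 /var ext3 rw,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] in the order the mounts appear."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("#"):
            continue
        mounts.append((_unescape(parts[1]), set(parts[3].split(","))))
    return mounts

def effective_mount(path, mounts):
    """Pick the longest mount point containing path; a later entry for the
    same mount point shadows an earlier one (stacked mounts)."""
    best = None
    for mp, opts in mounts:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, opts)
    return best

def audit(text, paths=("/tmp", "/var/tmp", "/dev/shm")):
    """Map each path to the mount that governs it and the flags it lacks."""
    mounts = parse_mounts(text)
    report = {}
    for p in paths:
        hit = effective_mount(p, mounts)
        if hit is not None:
            report[p] = {"mount": hit[0],
                         "missing": [f for f in HARDENING if f not in hit[1]]}
    return report

if __name__ == "__main__":
    for path, info in audit(SAMPLE).items():
        print(path, "on", info["mount"], "missing:", info["missing"] or "none")
```

A directory such as /var/tmp that is not its own partition inherits the options of the enclosing mount, which is why the audit resolves each path to its governing mount point instead of looking for an exact match.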