On Mon, Feb 23, 2004 at 01:02:42PM +0100, Colin Leroy wrote:
> On 23 Feb 2004 at 12h02, Kiko Piris wrote:
> > One other advantage in separating partitions is security: you can mount
> > /boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
> > etc. (http://www.seifried.org/lasg/installation/).
>
> /home nosuid is painful on real shared computers where users may want
> their own ~/bin...

It might be safer to consider 'userv' rather than having users creating
their own set-id binaries.

> Anyway, /lib/ld.so.1 has to be executable and running `/lib/ld.so.1
> /path/to/nosuid/partition/binary` runs the binary. Imho nosuid is a
> very minimal protection.

This is true of noexec, not nosuid. Did you mean that?

-- 
Colin Watson [EMAIL PROTECTED]