On Thu, Nov 08, 2001 at 03:13:05PM +0100, Emmanuel Lacour wrote:
> Hi,
>
> I've got an ix86 with woody installed today, made a separate partition
> for /tmp and mounted it noexec (I think it's a good idea...).

it's not, it provides you NO extra security whatsoever, and will break
many many things. (quite a few programs create temporary shell scripts
and whatnot).

try copying /bin/date to your noexec /tmp then run (varying slightly by
architecture, but i386 example follows):

try running /tmp/date, which fails, then run

    /lib/ld-linux.so.2 /tmp/date

it's basically the same thing as running

    /bin/sh /tmp/evilshellscript

instead of just

    /tmp/evilshellscript

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
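The message above describes files on a noexec mount being run indirectly, by handing them to the dynamic loader or to a shell. As an added example (not part of the original message), the following sketch flags that pattern in recorded command lines; the mount table, the command lines and the list of loader and interpreter names are constructed assumptions.

```python
import os
import re
import shlex

# Constructed /proc/mounts-style sample; /tmp is mounted noexec as in the thread.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 rw 0 0
/dev/hda5 /tmp ext2 rw,noexec 0 0
"""
# Constructed command lines, in the form an exec audit trail might record them.
SAMPLE_CMDLINES = [
    "/bin/date",
    "/tmp/date",
    "/lib/ld-linux.so.2 /tmp/date",
    "/bin/sh /tmp/evilshellscript",
    "/bin/sh -c 'ls /tmp'",
    "/bin/cp /bin/date /tmp/date",
]
# Assumed list of programs that load or interpret the file named as an argument.
LOADER_RE = re.compile(r"^(ld-linux.*\.so\.\d+|ld\.so\.\d+|sh|bash|dash|perl|python[\d.]*)$")

def noexec_mounts(mounts_text):
    """Return mount points whose option field contains noexec."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and "noexec" in fields[3].split(","):
            points.append(fields[1])
    return points

def indirect_exec(cmdline, mounts):
    """Return the noexec-mount file handed to a loader/interpreter, else None."""
    argv = shlex.split(cmdline)
    if not argv or not LOADER_RE.match(os.path.basename(argv[0])):
        return None
    for arg in argv[1:]:
        if arg in ("-c", "-e"):       # inline code, no file is being loaded
            return None
        if arg.startswith("-"):       # other option flags: keep looking
            continue
        path = os.path.normpath(arg)  # first non-option argument is the target
        hit = any(path.startswith(m.rstrip("/") + "/") for m in mounts)
        return path if hit else None
    return None

def find_indirect_exec(cmdlines, mounts_text):
    """Return the command lines that run a noexec-mount file indirectly."""
    mounts = noexec_mounts(mounts_text)
    return [c for c in cmdlines if indirect_exec(c, mounts)]
```

Calling `find_indirect_exec(SAMPLE_CMDLINES, SAMPLE_MOUNTS)` returns the loader and shell invocations. Only the first non-option argument is checked and relative paths are not resolved, so loader options that take their own argument would need extra handling.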