On Sun, Jul 13, 2003 at 03:10:24PM -0400, Phillip Hofmeister wrote:
> On Sat, 12 Jul 2003 at 09:34:16PM -0400, Noah L. Meyerhans wrote:
> > Basically, what it comes down to is that you *can not* prevent files
> > from being executed. Even if you remove the execute bits from /tmp/ls
> > in the above example, you'll still be able to run it.
>
> I believe grsecurity ACLs will prevent /tmp from being loaded by
> ld-linux...

If the user can read files in /tmp, they can execute the code in them.
What problem is noexec /tmp supposed to solve?

-- 
 - mdz