On Mon, Jul 14, 2003 at 12:13:37PM +0100, David Ramsden wrote: > I'd like to agree. > noexec almost certainly better than nothing at all!
Only if it were obviously correct and cost nothing. In the case of noexec on /tmp, it breaks things and so the small amount of obfuscation is not worth it in my opinion. > For those people who have made /tmp part of / (i.e. /tmp isn't a > partition and isn't mounted).. I created a file using dd and /dev/zero > of around 20Mb. Then used mkfs to make it in to a file system and > mounted it as /tmp with noexec and other permissions. This sounds slow. Why not just make a /tmp partition? > Although I believe there is tmpfs for this? Or use tmpfs (which uses virtual memory to hold the filesystem data). > Security by obscurity isn't it? At least you'd have the little bit of > extra padding there. "Security" by obscurity isn't security. -- - mdz
