On Mon, Jul 27, 1998 at 08:24:20AM +0200, Matus fantomas Uhlar wrote: > hmmm maybe i'd mount /home as noexec too... users could hate it cause it > would prevent from using scripts and e.g. links to ssh (like > fantomas.fantomas.sk. -> /usr/bin/ssh which would call ssh to > fantomas.fantomas.sk) but that might be security advantage...imo
Iss this really true? I mean, what about "sh <filename>", wouldn't this execute scripts? And then oyu have to make /tmp noexec, too. And you'll have to be very strict with the software you install. Java would probably be a nono, as well as every other interpreted language. And you can do everything with perl anyway :) I'm not claiming any knowledge (I didn't test the above things), but I'm sure noexec does not make sense if you have real users. If you only want to serve a mailhost or limited services, or a browser terminal in the public or something, you are well advised to build all sort of walls and protection you can think of, though :) Marcus -- "Rhubarb is no Egyptian god." Debian GNU/Linux finger brinkmd@ Marcus Brinkmann http://www.debian.org master.debian.org [EMAIL PROTECTED] for public PGP Key http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/ PGP Key ID 36E7CD09 -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
