On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
> On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
> > Setting the *directory* noexec seems very bad, since the exec bit
> > on directories controls the ability to cd to it, and turning that
> > off would make it largely useless.
>
> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
> Surely if you put a file there, you know the full pathname, why would
> you need to list or search /tmp?
Well, I don't actually know for sure that it's bad, but it seems to invite brokenness. Recursive Makefiles are notorious for cd-ing all over the place, but then again, that's usually in the source tree, which may or may not be in /tmp, depending on where you unpacked it.

As a theoretical example, I can easily imagine an installer that might unpack a set of example configurations into /tmp, and then do an "ls" to grep out the one that matches the local output of "uname -m" to select it for further architecture-specific processing. I can easily imagine myself writing such a thing.

So, I confess "making it largely useless" was hyperbolic, but I still think it's a bad idea.

-- A.

-- 
Andrew Reid / rei...@bellatlantic.net

-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201005231930.17311.rei...@bellatlantic.net
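The two posters above are arguing about what the directory permission bits on /tmp actually control, and the precise POSIX rule settles it: a directory's r bit governs reading the list of names (readdir), while its x (search) bit governs looking a name up inside it, which every path-based operation (open, stat, chdir) needs. So a /tmp set to rw- can still be listed, but a file in it cannot be opened even when you know the full pathname; with x alone it is the other way round. The probe below is an added example, not code from either message in the thread; it builds its own scratch directory under the system temp directory instead of touching /tmp, and it reports the effective uid because root (CAP_DAC_READ_SEARCH and CAP_DAC_OVERRIDE on Linux) bypasses both checks. The separate "noexec" mount option, which stops execve of files on a filesystem and is a different mechanism from the directory x bit, is not exercised here since it needs a privileged mount.

```python
"""Probe what a directory's r and x bits permit (added example, not from the
thread). Creates dir/config.x86_64 (a constructed sample file), sets the
directory to the requested mode, and tries the operations the thread argues
about: listing, open by full path, stat by full path, and chdir.
"""
import os
import shutil
import stat
import tempfile


def _attempt(fn):
    """Run fn() and report "ok" or "denied" (EACCES surfaces as PermissionError)."""
    try:
        fn()
        return "ok"
    except PermissionError:
        return "denied"


def probe_dir_without_search(mode=0o600):
    """Return a dict of results for a scratch directory set to `mode`.

    Expected as a non-root user:
      0o600 (rw-): listdir ok, open/stat/chdir denied  (Tom's proposal)
      0o100 (--x): listdir denied, open/stat/chdir ok  ("you know the full path")
      0o700 (rwx): everything ok
    As root every operation succeeds regardless of mode.
    """
    scratch = tempfile.mkdtemp(prefix="xbit-demo.")  # created 0o700
    target = os.path.join(scratch, "config.x86_64")   # hypothetical installer file
    with open(target, "w") as f:
        f.write("x86_64\n")
    cwd = os.getcwd()
    os.chmod(scratch, mode)
    try:
        results = {
            "uid": os.geteuid(),
            "mode": stat.S_IMODE(os.stat(scratch).st_mode),
            "listdir": _attempt(lambda: os.listdir(scratch)),
            "open_by_full_path": _attempt(lambda: open(target).close()),
            "stat_by_full_path": _attempt(lambda: os.stat(target)),
            "chdir": _attempt(lambda: os.chdir(scratch)),
        }
    finally:
        os.chdir(cwd)
        os.chmod(scratch, 0o700)  # restore search permission so cleanup can traverse
        shutil.rmtree(scratch)
    return results


if __name__ == "__main__":
    for m in (0o600, 0o100, 0o700):
        print(oct(m), probe_dir_without_search(m))
```

Run it as an ordinary user to see the asymmetry; run it as root and every row reads "ok", which is the caveat to remember when testing permission schemes from a root shell.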