On Fri, Nov 12, 2010 at 01:30:49PM +0000, James Allsopp wrote:
> Hi,
> I was reading this page about making tmp non-executable
> (http://pario.no/2007/10/04/making-tmp-non-executable/) but it seems a
> little out of date as I'm using Squeeze.
>
> I changed fstab, and edited by 70debconf to
>
> DPkg::Pre-Install-Pkgs {"mount -o remount,exec /tmp";"/usr/sbin/dpkg-preconfigure --apt || true";};
> DPkg::Post-Invoke{"mount -o remount /tmp";};
>
> is this correct? Aptitude still works fine, but I was wondering if
> anyone had experience of pitfalls with this?
>
> Would I replicate this for my /var partition and is there any point to
> doing this with /home?

I use almost the same configuration:

# cat /etc/apt/apt.conf.d/20tmpperms
DPkg::Pre-Invoke{"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};

And my fstab looks like this:

# grep tmp /etc/fstab
/dev/mapper/root_vg-tmp_lv /tmp ext3 defaults,noexec,nosuid 0 2

It works OK.

Regarding var, I wouldn't do it. Some files need execute permissions.
Others might have another opinion, though.

And /home, well, some of us like to have /home/${USER}/.dist/bin or
something similar in our ${PATHS}, so it depends on your setup.

HTH.

-- 
Primary key fingerprint: 0FDA C36F F110 54F4 D42B D0EB 617D 396C 448B 31EB
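
A way to check the setup discussed in this thread, as an added example that is not part of either message: the script audits an fstab-format file and an apt.conf.d file for the pairing the reply relies on (noexec,nosuid on /tmp, a pre hook that remounts exec, and a Post-Invoke that remounts without extra options so the fstab flags are applied again). The function names and the sample files are constructed for illustration, and it assumes each DPkg hook is written on one line.

```bash
# Added example: static audit of the noexec /tmp + APT hook setup from this thread.
# Assumption: each DPkg hook sits on a single line of the apt conf file.

# Options field for mount point $2 in an fstab-format file $1 (/proc/mounts has the same layout).
fstab_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# True if comma-separated option list $1 contains option $2 exactly (noexec does not match exec).
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# The -o argument of the "mount ... /tmp" command found in DPkg hook $2 of apt conf file $1.
hook_mount_opts() {
    sed -n "s|^[[:space:]]*DPkg::$2[[:space:]]*{.*\"mount -o \([^ \"]*\) /tmp\".*|\1|p" "$1" | head -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_tmp_noexec() {   # $1 = fstab file, $2 = apt conf file
    problems=0
    opts=$(fstab_opts "$1" /tmp)
    for o in noexec nosuid; do
        has_opt "$opts" "$o" || { echo "fstab: /tmp lacks $o"; problems=$((problems + 1)); }
    done
    # Accept either hook name used in the thread for the pre-install remount.
    pre=$(hook_mount_opts "$2" Pre-Invoke)
    [ -n "$pre" ] || pre=$(hook_mount_opts "$2" Pre-Install-Pkgs)
    post=$(hook_mount_opts "$2" Post-Invoke)
    if has_opt "$pre" exec; then
        # With no restoring remount, the first package run leaves /tmp mounted exec.
        if [ -z "$post" ] || has_opt "$post" exec; then
            echo "apt: pre hook enables exec but Post-Invoke does not restore the fstab options"
            problems=$((problems + 1))
        fi
    else
        echo "apt: no pre hook remounts /tmp with exec"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files mirroring the configuration shown in the reply.
demo_dir=$(mktemp -d)
printf '%s\n' '/dev/mapper/root_vg-tmp_lv /tmp ext3 defaults,noexec,nosuid 0 2' > "$demo_dir/fstab"
printf '%s\n' 'DPkg::Pre-Invoke{"mount -o remount,exec /tmp";};' \
              'DPkg::Post-Invoke {"mount -o remount /tmp";};' > "$demo_dir/20tmpperms"
audit_tmp_noexec "$demo_dir/fstab" "$demo_dir/20tmpperms" && echo "OK: no findings"
rm -rf "$demo_dir"
```

Calling `fstab_opts /proc/mounts /tmp` instead of reading /etc/fstab shows the flags currently in effect rather than the configured ones.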