On Thu, Oct 02, 2003 at 10:39:50PM -0400, ScruLoose wrote: > On Thu, Oct 02, 2003 at 09:27:48PM -0500, John Hasler wrote: > > ScruLoose writes: > > > > But at least you _can_ mount /home noexec, and in many circumstances > > > that'll be a perfectly practicable solution... :P > > > > It's not a complete solution. It's just another layer of defense. > > This is entirely true and has already been mentioned in this thread. > The response, which seems highly valid to me, went something like > this: > The kind of user who knows how to get around the noexec barrier is > _not_ the kind of user who's going to be taken in by a click-through > e-mail virus or trojan. > > So in the context of this discussion, mounting /home noexec seems to be > a perfectly adequate solution for the problem we're applying it to.
I don't know but this seems like overkill. Does mounting home noexec mean that I can't run programs for /home/. What about at school. They don't even have lynx installed and their version of mutt is broken, etc. I depend on being able to compile and install software in ~/software/. Wouldn't an even easier solution be to stop the user from using the computer. No way they can get a virus that way :) Just joking but still... Bijan -- Bijan Soleymani <[EMAIL PROTECTED]> http://www.crasseux.com
signature.asc
Description: Digital signature
