On 2013-04-24 11:31 AM, Florian Philipp <li...@binarywings.net> wrote:
> On 24.04.2013 17:12, Tanstaafl wrote:
>> Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
>> possible that there are other apps that need exec capability in there?
>
> It makes sense. Any world-writable directory should be noexec to make
> script injection harder. Other directories, too, like /var/www (if you
> can, i.e. no cgi). I cannot tell you if any application might need it.
> Try it. It is easy enough to revert, maybe even with a `mount -o remount`,
> I'm not sure.
>
> Also, look at
> http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec

Hmmm, this only talks about /tmp... I'm talking about /var/tmp...

So, I guess you're right, I'll just need to try it and see...

>> What is the 'pass' column? The 5th column is the 'dump' column, and the
>> 6th is the 'fsck' column, afaik?
>
> Okay, your "fsck" column is called "pass" in my fstab. Anyway, a value
> of two means "fsck after root", one means "fsck as root" and 0 "no
> fsck". See `man fstab`. Obviously you want fsck.

Gotcha, that's what I thought...

Thanks again Florian
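
Added example, not part of the original thread: a small Python audit of fstab text that reports, for /tmp, /var/tmp and /var/www, which mount entry covers the path, whether exec is still allowed there, and what the sixth ("pass") field means. The sample fstab, its device names and the function names are constructed for illustration; a path without its own entry (here /var/tmp) takes the options of the mount that contains it.

```python
# Constructed sample fstab for illustration; devices and layout are not from the thread.
SAMPLE_FSTAB = """\
# <fs>     <mountpoint> <type> <opts>               <dump> <pass>
/dev/sda1  /            ext4   noatime              0      1
/dev/sda2  /var         ext4   noatime,nosuid       0      2
tmpfs      /tmp         tmpfs  nosuid,nodev,noexec  0      0
/dev/sda3  /var/www     ext4   defaults,noexec
"""

# Meanings of the sixth ("pass"/fsck) field as given in the thread and fstab(5).
PASS_MEANING = {0: "no fsck", 1: "fsck as root", 2: "fsck after root"}

def parse_fstab(text):
    """Return [(mountpoint, options, passno)] for each non-comment fstab line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # fstab(5): a missing sixth field is read as 0 (no fsck).
        passno = int(fields[5]) if len(fields) > 5 else 0
        entries.append((fields[1], fields[3].split(","), passno))
    return entries

def exec_allowed(options):
    """Apply options left to right; exec is the default, the last relevant option wins."""
    allowed = True
    for opt in options:
        if opt in ("noexec", "user", "users"):  # mount(8): user/users imply noexec
            allowed = False
        elif opt == "exec":
            allowed = True
    return allowed

def audit(text, paths=("/tmp", "/var/tmp", "/var/www")):
    """For each path, find the fstab entry that covers it; report exec and fsck status."""
    entries = parse_fstab(text)
    report = {}
    for path in paths:
        covering = [e for e in entries
                    if path == e[0] or path.startswith(e[0].rstrip("/") + "/")]
        if covering:
            # The longest matching mount point is the one the path actually lives on.
            mnt, opts, passno = max(covering, key=lambda e: len(e[0]))
            report[path] = (mnt, exec_allowed(opts), PASS_MEANING.get(passno, f"pass {passno}"))
    return report

if __name__ == "__main__":
    for path, (mnt, can_exec, fsck) in audit(SAMPLE_FSTAB).items():
        print(f"{path}: mount={mnt} exec={'yes' if can_exec else 'NO'} fsck={fsck}")
```

In the sample, /var/tmp resolves to the /var entry and still allows exec, which is the case where a dedicated (or bind) mount is needed before noexec can be applied to /var/tmp alone.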