On Mon, Feb 20, 2006 at 01:58:20PM +0200, Oded Arbel wrote:
> > This naturally assumes that the user does not install a private copy
> > of the app. Which is a bit tougher in the case of firefox. And
> > frankly even in the case of OpenOffice. Both are rather
> > self-contained.
>
> It's the same problem for any app: what would prevent a user from
> downloading and compiling a KDE where the kiosk support is disabled?
>
> The solution to that is pretty simple: mount /home as noexec (and of
> course make sure that all other user writeable locations are also
> noexec).

As mentioned in the last discussion of similar nature:

    /lib/ld-linux.so.2 /full/path/to/exec

will bypass noexec.

--
Didi
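
An added example, not part of the original thread: a small audit of the precondition quoted above, that /home and every other user-writable location sit on a noexec mount. The mount table and the list of writable paths are constructed assumptions; the check covers mount options only and says nothing about the loader invocation mentioned in the reply.

```python
import re

# Constructed sample in /proc/mounts format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /media/usb\\040stick vfat rw,nosuid,nodev,noexec 0 0
"""
# Assumed list of locations an unprivileged user can write to; adjust per site.
USER_WRITABLE = ["/home", "/tmp", "/var/tmp", "/dev/shm", "/media/usb stick"]

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry shadows an earlier one."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            table[_unescape(parts[1])] = set(parts[3].split(","))
    return table

def covering_mount(path, table):
    """Longest mount point that is a whole-component prefix of path."""
    hits = [mp for mp in table
            if path == mp or (path + "/").startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def missing_noexec(paths, table):
    """List (path, mount_point) pairs whose covering mount lacks noexec."""
    out = []
    for p in paths:
        mp = covering_mount(p, table)
        if mp is not None and "noexec" not in table[mp]:
            out.append((p, mp))
    return out

if __name__ == "__main__":
    for path, mp in missing_noexec(USER_WRITABLE, parse_mounts(SAMPLE_MOUNTS)):
        print(f"{path}: covered by {mp}, which is mounted without noexec")
```

On a live host, pass the contents of /proc/mounts to `parse_mounts` instead of the sample. A path such as /var/tmp that is not its own mount point is judged by the options of the filesystem that contains it.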