> to allow some flexibility so that users can write and maintain custom
> scripts for automating common tasks?

Scripts can still be run under noexec as /bin/sh is in a partition mounted exec, so long as you run it with /bin/sh in front. It will break many scripts however. I intend to come up with some wrapper for interpreters to respect noexec, though I'm sure it will piss me off a little at times, haha. I believe grsecurity actually has a knob that prevents even scripts running at all under non "trusted paths". I wouldn't trade OpenBSD for grsecurity though ever, btw.

> You have to decide for yourself what
> is right for your environment.

Yeah, generally no one seems interested, though I did see it on the list of CESG required improvements for whatever level it was for Linux despite some of their policy being flawed in much more important ways, haha.

--
KISSIS - Keep It Simple So It's Securable
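
The interpreter wrapper idea from the message above, sketched as an added example that is not part of the original post or anyone's actual wrapper: it parses mount(8)-style output and refuses scripts stored on a noexec filesystem. The mount table is constructed sample data, and `parse_mounts`, `mount_for` and `may_interpret` are hypothetical names.

```python
import os

# Constructed sample in OpenBSD mount(8) output format (not from the post).
SAMPLE_MOUNTS = """\
/dev/sd0a on / type ffs (local)
/dev/sd0d on /tmp type ffs (local, nodev, noexec, nosuid)
/dev/sd0e on /home type ffs (local, nodev, noexec, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0g on /usr/local type ffs (local, nodev)
"""

def parse_mounts(text):
    """Return {mount_point: set(options)} from mount(8)-style lines."""
    table = {}
    for line in text.splitlines():
        # Expected shape: "<dev> on <point> type <fs> (<opt>, <opt>, ...)"
        head, sep, opts = line.partition(" (")
        parts = head.split(" ")
        if not sep or len(parts) != 5 or parts[1] != "on" or parts[3] != "type":
            continue  # skip lines this simple parser does not understand
        table[parts[2]] = {o.strip() for o in opts.rstrip(")").split(",")}
    return table

def mount_for(path, table):
    """Longest mount point that is a path-component prefix of `path`."""
    # Assumption: a real wrapper would resolve symlinks (os.path.realpath)
    # and check the file it actually opened; normpath keeps this offline.
    path = os.path.normpath(path)
    best = None
    for point in table:
        prefix = point.rstrip("/") + "/"
        if path == point or path.startswith(prefix):
            if best is None or len(point) > len(best):
                best = point
    return best

def may_interpret(script, table):
    """Wrapper policy: refuse scripts that live on a noexec filesystem.

    Fails closed: a path with no matching mount (e.g. relative) is refused.
    """
    point = mount_for(script, table)
    return point is not None and "noexec" not in table[point]

if __name__ == "__main__":
    mounts = parse_mounts(SAMPLE_MOUNTS)
    for s in ("/home/alice/job.sh", "/usr/local/bin/backup.sh"):
        print(s, "->", "run" if may_interpret(s, mounts) else "refuse")
```

A check like this only covers the `interpreter file` form of invocation; script text fed on standard input or through `-c` never involves a file on the noexec partition.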