On Mon, Apr 25, 2016 at 5:54 PM, hans <'h...@stare.cz'> wrote:
> LOL, absolutely! God forbid people would run their own programs!
Couldn't special permissions be necessary for installing programs? There
could be a group with write permissions to a special executable
directory, which could even be
And don't forget, you can also add additional home folders for scripts.
I was developing some scripts that were in active use in
/usr/local/sbin.
By adding my ~/Tools to my path BEFORE, my test scripts would be
selected instead of the active ones. I just had to give absolute paths
for the existing
> > You have to decide for yourself what
> > is right for your environment.
>
> Yeah, generally no one seems interested, though I did see it on the list
> of CESG required improvements for whatever level it was for Linux
> despite some of their policy being flawed in much more important ways,
> haha
> to allow some flexibility so that users can write and maintain custom
> scripts for automating common tasks?
Scripts can still be run under noexec as /bin/sh is in a partition
mounted exec, so long as you run it with /bin/sh in front. It will
break many scripts however.
I intend to come up wi
It is a risk, but it's a small one. Generally speaking, the files will be
owned by that user, executed as that user, and pose a minimal risk since
"that user" is unprivileged. However, it does allow for compiling code
that could be used as a local privilege escalation and calling it from your
"ho
On 19/04/16 18:48, Joe Schillinger wrote:
Hi misc,
Should /home be mounted as noexec by default for security? I noticed
~/bin is in the default $PATH (via /etc/skel/.profile), but isn't this
somewhat of a security risk? Theoretically, if a threat has unprivileged
access, wouldn't it be able to e
> Should /home be mounted as noexec by default for security? I noticed
> ~/bin is in the default $PATH (via /etc/skel/.profile), but isn't this
> somewhat of a security risk? Theoretically, if a threat has unprivileged
> access, wouldn't it be able to execute unauthorized programs?
>
> Someone men