mounting /tmp as executable or not?

To: "Debian-user" <debian-user@lists.debian.org>
Subject: mounting /tmp as executable or not?
From: "Bernd Prager" <bernd@prager.ws>
Date: Mon, 5 Dec 2005 14:32:16 -0500 (EST)
Message-id: <[🔎] 58611.198.45.19.20.1133811136.squirrel@mail.prager.ws>
Reply-to: bernd@prager.ws
In-reply-to: <[🔎] 20051205191033.GA16305@kitenet.net>
References: <[🔎] 20051205151855.GE32677@ulvedalen.dk> <[🔎] 20051205191033.GA16305@kitenet.net>

I was wondering if there's some security or other benefits in mounting
/tmp with a "noexec" option. Even if scripts there can still be executed
but - binary programs should not, right? At least something, I thought.
When I was checking it out, unfortunately some apt-get updates started
failing, like:

Preconfiguring packages ...
Can't exec "/tmp/cvs.config.56471": Permission denied at
/usr/share/perl/5.8/IPC/Open3.pm line 168.
open2: exec of /tmp/cvs.config.56471 configure 1:1.12.9-16 failed at
/usr/share/perl5/Debconf/ConfModule.pm line 44
cvs failed to preconfigure, with exit status 2

So now I just think it's wasted energy and tend to reverse that "noexec"
flag to "standard" again.

Any suggestions or experiences?
Thanks,
-- Bernd

Reply to:

Follow-Ups:
- Re: mounting /tmp as executable or not?
  - From: "Roberto C. Sanchez" <roberto@familiasanchez.net>

References:
- installing sarge on a notebook, resizing ntfs partition
  - From: Søren Christensen <severino@ulvedalen.dk>
- Re: installing sarge on a notebook, resizing ntfs partition
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: apt and hplip
Next by Date: Re: file-max is only 4096 with 1 GB mem
Previous by thread: Re: installing sarge on a notebook, resizing ntfs partition
Next by thread: Re: mounting /tmp as executable or not?
Index(es):
- Date
- Thread