Bug#249305: Debian-installer, beta-4
On Sun, 16 May 2004, Joey Hess wrote:
> Mika Bostrom wrote:
> > As marked with '**' above, there are certain issues with partitioning.
> > First, it is not exactly intuitive - the rest of the install is.
> > Secondly, a person doing a relatively secure install will find himself
> > shot on the foot. I chose mount options for /tmp: nodev,nosuid,noexec
> > this was a bad idea.
>
> There is absolutely no security benefit to noexec /tmp whatsoever.
I know. It's trivial to call binaries through /lib/ld-linux.so and
scripts via the actual shell. Any kind of attacker would circumvent the
flag in about two seconds.
What I want to achieve is simply to minimise the possible effects of
worms or automated tools that drop their payload in /tmp and run it from
there.
Paranoid? Yes. Paranoid enough? Possibly not.
> > Trying to do a reinstall: I was happy with the partition layout and
> > wouldn't have wanted to set it again; only wanted to remove the noexec
> > flag from /tmp. This proved to be impossible. The partitioning menu,
> > when faced with existing layout and filesystems, only displays three
> > selections. Editing the partition and its options is not one of them.
>
> Sure it is. Move the cursor to the partition you wish to edit and press
> enter.
Would you believe me that I indeed tried? I might be feeling
adventurous tomorrow and do it again. This time I'll have a camera ready
to grab interesting shots.
> > There is one final issue with second stage of install. Setting up the
> > packages winds up in an error.
> Do you have the error message?
Yeah, I finally found it. It was a fetch error. Why it occurred on two
separate installs and with different packages (and only one for each
install) I can not even guess.
I'll blame the network.
--
Mika Boström \ / "World peace will be achieved
Bostik@lut.fi X when the last man has killed
Security freak / \ the second-to-last." -anon?
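
The message above concerns the nodev,nosuid,noexec options chosen for /tmp. As an added example (not part of the original mail or of debian-installer), this shell function reads fstab-format text and reports which of those three options a mount point lacks; the function name and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount point's options in fstab-format input.
# Prints the hardening options (nodev,nosuid,noexec) that are absent,
# "none" if all three are set, or "not-mounted-separately" if the
# mount point has no entry of its own.

# Constructed sample input, not taken from any real system.
SAMPLE_FSTAB='# <device>  <mount> <type> <options>               <dump> <pass>
/dev/hda1  /      ext3  defaults,errors=remount-ro  0 1
/dev/hda5  /tmp   ext3  nodev,nosuid                0 2
/dev/hda6  /var   ext3  defaults                    0 2'

missing_opts() {
    # $1 = mount point to check; stdin = fstab-format text
    awk -v mp="$1" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and blank/short lines
        $2 == mp {
            found = 1
            n = split($4, opts, ",")          # options field is comma-separated
            for (i = 1; i <= n; i++) have[opts[i]] = 1
            m = split("nodev nosuid noexec", want, " ")
            out = ""
            for (i = 1; i <= m; i++) {
                if (!(want[i] in have)) {
                    if (out != "") out = out ","
                    out = out want[i]
                }
            }
            if (out == "") out = "none"
            print out
            exit                              # first matching entry wins
        }
        END { if (!found) print "not-mounted-separately" }
    '
}

# Example run on the constructed sample: reports noexec as missing for /tmp.
printf '%s\n' "$SAMPLE_FSTAB" | missing_opts /tmp
```

On a live system the same function can be fed the real file with `missing_opts /tmp < /etc/fstab`.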