
Re: /home as noexec and X



On Wed, 9 Dec 1998, Matus fantomas Uhlar wrote:

> -> Previously Matus fantomas Uhlar wrote:
> -> > I mounted my /home partition as noexec (to have more security on my machine)
> -> > and I found I can't exec scripts like ~/.xsession;
> -> 
> -> That sounds like a seriously broken setup anyway. Why not use nosuid as
> -> a mount option and make sure . is not in your path?
> 
> I just don't want any user to download any executable and use it.
> Maybe I'm paranoid about security, but this sounds like a good idea to me;
> maybe the Linux kernel could be patched to allow executing of scripts (starting
> with #!) on a partition mounted as "noexec".

It could.  But shell scripts are almost as powerful as executables, so
it's not clear why you would.

You are also preventing people running anything they have created with a
compiler.

Beware of any other world-writable directories (/tmp, /var/tmp), and also
of scripting languages (perl, python) which allow people to create
executable files of arbitrary 'power' without needing the exec bit.

Jules

/----------------+-------------------------------+---------------------\
|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd        |
|  Jules aka     | jules@debian.org              |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
+----------------+-------------------------------+---------------------+
|  War doesn't demonstrate who's right... just who's left.             |
|  When privacy is outlawed... only the outlaws have privacy.          |
\----------------------------------------------------------------------/
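
Added example, not part of the original message: a mount-option audit for the user-writable directories named in this thread (/home, /tmp, /var/tmp), showing which of nosuid, nodev and noexec each one actually has. The function name audit_mounts and the SAMPLE_MOUNTS table are constructed for illustration; nodev is checked in addition to the two options discussed above.

```shell
#!/bin/sh
# Added example. audit_mounts and SAMPLE_MOUNTS are hypothetical names.
# Reads /proc/mounts-format lines on stdin and, for each directory argument,
# finds the filesystem holding it (longest matching mount point; the last
# matching line wins, as with overmounts) and lists the missing options.
# Note: noexec only blocks direct execution of a file; "sh script" or
# "perl script" still runs it, which is the caveat raised in the message.
audit_mounts() {
    awk -v dirs="$*" '
    BEGIN { n = split(dirs, want, " "); k = split("nosuid nodev noexec", need, " ") }
    { mp[NR] = $2; opts[NR] = "," $4 "," }
    END {
        for (i = 1; i <= n; i++) {
            d = want[i]; best = 0; bestlen = -1
            for (j = 1; j <= NR; j++) {
                m = mp[j]
                # m holds d if it is the root, d itself, or a parent of d
                if (m == "/" || d == m || index(d, m "/") == 1)
                    if (length(m) >= bestlen) { best = j; bestlen = length(m) }
            }
            if (!best) { print d ": no filesystem found"; continue }
            missing = ""
            for (x = 1; x <= k; x++)
                if (index(opts[best], "," need[x] ",") == 0)
                    missing = missing " " need[x]
            status = (missing == "") ? " ok" : " missing" missing
            print d " on " mp[best] ":" status
        }
    }'
}

# Constructed sample mount table: /var/tmp has no filesystem of its own,
# so it inherits the options of /.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts /home /tmp /var/tmp
```

On a live Linux system the same function can be fed from /proc/mounts instead of the sample table.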