
Re: /home as noexec and X



-> > -> Previously Matus fantomas Uhlar wrote:
-> > -> > I mounted my /home partition as noexec (to have more security on my machine)
-> > -> > and I found I can't exec scripts like ~/.xsession;
-> > -> 
-> > -> That sounds like a seriously broken setup anyway. Why not use nosuid as
-> > -> a mount option and make sure . is not in your path?
-> > 
-> > I just don't want any user to download any executable and use it.
-> > Maybe I'm paranoid about security, but this sounds like a good idea to me;
-> > maybe the Linux kernel could be patched to allow executing scripts (starting
-> > with #!) on a partition mounted as "noexec".
-> 
-> It could.  But shell scripts are almost as powerful as executables, so
-> it's not clear why you would.

not so much in some cases :)

-> You are also preventing people running anything they have created with a
-> compiler.

yeah, that's exactly what I wanna do :)

-> Beware of any other world-writable directories (/tmp,/var/tmp), and also
-> of scripting languages (perl,python) which allow people to create
-> executable files of arbitrary 'power' without needing the exec bit.

/var is mounted noexec too and /tmp is linked to /var,
and perl & python - yeah, they can do much; but I can prevent users from
running them, or uninstall them.
-- 
 Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia
 BIC coord for *.sk; admin of netlab.irc.sk; co-admin of irc.felk.cvut.cz
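
Added example, not part of the original message or of any participant's setup: a check for the mount options discussed in this thread. It finds which mount actually covers each user-writable directory (following symlinks such as a relocated /tmp) and reports whether noexec and nosuid are missing. The sample mount table, the /tmp -> /var/tmp link used in testing, and the function names are constructed assumptions; the check covers mount flags only, not interpreters.

```python
import os
import re

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext4 rw,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, {options})] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes spaces and tabs in mountpoints as octal escapes.
        mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mp, set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Pick the longest mountpoint that is a whole-component prefix of path."""
    best = None
    for mp, opts in mounts:
        prefix = mp.rstrip("/") + "/"
        if path == mp or path.startswith(prefix):
            # >= so a later mount on the same point shadows an earlier one
            if best is None or len(mp) >= len(best[0]):
                best = (mp, opts)
    return best

def audit(dirs, mounts, resolve=os.path.realpath, required=("noexec", "nosuid")):
    """Map each directory to (covering mountpoint, sorted missing options)."""
    report = {}
    for d in dirs:
        real = resolve(d)  # follow symlinks such as /tmp -> /var/tmp
        mp, opts = covering_mount(real, mounts)
        report[d] = (mp, sorted(set(required) - opts))
    return report

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        live = parse_mounts(fh.read())
    for d, (mp, missing) in audit(["/home", "/tmp", "/var/tmp", "/dev/shm"], live).items():
        print(f"{d}: on {mp}, missing {', '.join(missing) or 'nothing'}")
```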

