Re: /home as noexec and X
On Thu, Dec 10, 1998 at 07:44:00AM +0100, Matus fantomas Uhlar wrote:
> -> > -> Previously Matus fantomas Uhlar wrote:
> -> > -> > I mounted my /home partition as noexec (to have more security on my machine)
> -> > -> > and I found I can't exec scripts like ~/.xsession;
> -> > ->
> -> > -> That sounds like a seriously broken setup anyway. Why not use nosuid as
> -> > -> a mount option and make sure . is not in your path?
> -> >
> -> > I just don't want any user to download any executable and use it.
> -> > maybe I'm paranoid about security but this sounds like a good idea to me;
> -> > maybe linux kernel could be patched to allow executing of scripts (starting
> -> > with #!) on partition mounted as "noexec"
> ->
> -> It could. But shell scripts are almost as powerful as executables, so
> -> it's not clear why you would.
>
> not so much in some cases :)
>
> -> You are also preventing people running anything they have created with a
> -> compiler.
>
> yeah, that's exactly what I wanna do :)
>
> -> Beware of any other world-writable directories (/tmp,/var/tmp), and also
> -> of scripting languages (perl,python) which allow people to create
> -> executable files of arbitrary 'power' without needing the exec bit.
>
> /var is mounted noexec too and /tmp is linked to /var
> and perl & python - yeah they can do much; but I can prevent users from
> running them, or uninstall them
Well, no, you really can't uninstall perl. If you do, you might as
well throw out half of the system.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| CMU, CS class of 2002 |
| Debian GNU/Linux Developer __ Part-Time Systems Programmer |
| dan@debian.org | | drow@cs.cmu.edu |
\--------------------------------/ \--------------------------------/
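
An added example, not part of the original message: a check that reports which mount covers each user-writable directory discussed in the thread and which of noexec/nosuid it lacks. The mount table, device names and the directory list are constructed for illustration.

```python
import os
import posixpath
import re

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext2 rw 0 0
/dev/sda2 /home ext2 rw,noexec,nosuid,nodev 0 0
/dev/sda3 /var ext2 rw,noexec 0 0
/dev/sda4 /usr ext2 ro 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry shadows an earlier one."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        # The kernel writes spaces in mount points as octal escapes (\040).
        mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), parts[1])
        mounts[mp] = set(parts[3].split(","))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    path = posixpath.normpath(path)
    hits = [mp for mp in mounts if (path + "/").startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len, default=None)

def audit(paths, mounts, required=("noexec", "nosuid")):
    """Return {path: (mount_point, [required options that are missing])}."""
    report = {}
    for p in paths:
        mp = covering_mount(p, mounts)
        opts = mounts.get(mp, set())
        report[p] = (mp, [o for o in required if o not in opts])
    return report

if __name__ == "__main__":
    live = os.path.exists("/proc/mounts")
    text = open("/proc/mounts").read() if live else SAMPLE_MOUNTS
    # Resolve symlinks (e.g. /tmp linked into /var) only against the live system.
    dirs = ["/home", "/tmp", "/var/tmp"]
    dirs = [os.path.realpath(d) for d in dirs] if live else dirs
    for path, (mp, missing) in audit(dirs, parse_mounts(text)).items():
        print(f"{path}: on {mp}, missing {missing or 'nothing'}")
```

The report covers mount options only; as the message above notes, a script handed to perl or python as an argument runs without the exec bit, so noexec does not cover that case.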