[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /home as noexec and X

On Wed, Dec 09, 1998 at 06:02:37PM +0100, Kristoffer.Rose@ENS-Lyon.FR wrote:

> > I mounted my /home partition as noexec (to have more security on my
> > machine) and I found i can't exec scripts like ~/.xsession; would be good
> > if it would be execuuted like "exec sh $HOME/.xsession" and not "exec
> > $HOME/.xsession" imho
> I diasgree: in cases where I'd mount /home as noexec I'd *want* that the
> system refuses to execute anything, including .xsession!
> In any case noone says that .xsession must be a shell script which your
> proposal will force it to be.

I already suggested logic like this:

	if it exists
		if it's executable (chmod +x)
			execute it
		else if it's not executable
			run it with 'sh'

Works great.  I also disagree with your opinion that we don't want it running
.xsession if noexec is set -- if it's just a script, it doesn't add any new
security holes, and if it's an executable binary, 'noexec' will disable it
in all cases.

If you want to disable .xsession completely, turn it off in /etc/X11/config.

Have fun,


Reply to: