Re: /home as noexec and X
On Wed, Dec 09, 1998 at 06:02:37PM +0100, Kristoffer.Rose@ENS-Lyon.FR wrote:
> > I mounted my /home partition as noexec (to have more security on my
> > machine) and I found i can't exec scripts like ~/.xsession; would be good
> > if it would be execuuted like "exec sh $HOME/.xsession" and not "exec
> > $HOME/.xsession" imho
> I diasgree: in cases where I'd mount /home as noexec I'd *want* that the
> system refuses to execute anything, including .xsession!
> In any case noone says that .xsession must be a shell script which your
> proposal will force it to be.
I already suggested logic like this:
if it exists
if it's executable (chmod +x)
else if it's not executable
run it with 'sh'
Works great. I also disagree with your opinion that we don't want it running
.xsession if noexec is set -- if it's just a script, it doesn't add any new
security holes, and if it's an executable binary, 'noexec' will disable it
in all cases.
If you want to disable .xsession completely, turn it off in /etc/X11/config.