Re: possible mass-filing of bugs: many shared library packages contain binaries in usr/bin
> On Tue, May 07, 2002 at 04:26:32PM -0500, Manoj Srivastava wrote:
> > Indeed, the one pro of having libexec that no one seems to
> > have mentioned is mount options: if /etc/libexec is a separate file
> > system, I can mount /lib with noexec, and only have the exec mount
> > flag for libexec, and it adds a little more hassles to a croacker who
> > has broken in.
On my system at least, all the directories in /usr/lib are owned by root,
and only writable by their owner. The only directory whose group isn't
root is /usr/lib/games/nethack. Given that, it doesn't seem like it'd be
any easier to put an executable in /usr/lib/somewhere than /etc/libexec.
(Being able to mount /var noexec, otoh...)
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``BAM! Science triumphs again!''
-- http://www.angryflower.com/vegeta.gif
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: