[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible mass-filing of bugs: many shared library packages contain binaries in usr/bin

> On Tue, May 07, 2002 at 04:26:32PM -0500, Manoj Srivastava wrote:
> > 	Indeed, the one pro of having libexec that no one seems to
> >  have mentioned is mount options: if /etc/libexec is a separate file
> >  system, I can mount /lib with noexec, and only have the exec mount
> >  flag for libexec, and it adds a little more hassles to a croacker who
> >  has broken in.

On my system at least, all the directories in /usr/lib are owned by root,
and only writable by their owner. The only directory whose group isn't
root is /usr/lib/games/nethack. Given that, it doesn't seem like it'd be
any easier to put an executable in /usr/lib/somewhere than /etc/libexec.

(Being able to mount /var noexec, otoh...)


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``BAM! Science triumphs again!'' 
                    -- http://www.angryflower.com/vegeta.gif

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: