[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#179125: maintainer scripts tries to exec script in /tmp

Richard Kettlewell <rjk@terraraq.org.uk> wrote:
> Russell Coker <russell@coker.com.au> writes:
>> If you have an administrative policy which precludes users running
>> their own executables then a noexec /tmp and /home are required.
>> Such a policy does not seem very sensible, as has been demonstrated
>> you can run Perl and shell scripts regardless.

> You can run binaries regardless of both noexec and the execute
> permission bits, too.  It's not clear that there's any point to the
> option at all.
[using /lib/ld-linux.so.2]

Using /lib/ld-linux.so.2 gets rid of the suid/sgid-bits, so noexec has
basically the same effect as mounting with nosuid.
                 cu andreas

Reply to: