[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-get and mounting /tmp with noexec option

On Wed, Jan 14, 2004 at 03:53:35AM +0100, Arnoud Warmerdam wrote:
> Hi,
> I have mounted my /tmp directory (which has it's own partition) with the 
> noexec option. The reason i did this, was that a poorly written cgi-script 
> caused a binary to be downloaded and executed in /tmp. Luckily, the 
> firewall prevented it from doing any harm, but i wanted to prevent this 
> from happening again. In the future i plan to place apache in a chroot 
> jail, but in the meantime this seemed like a good thing to do. Here is the 
> line from my /etc/fstab:
> /dev/sda9	/tmp	ext2	noexec,nosuid,rw	0	2


> Is it considered bad practice to mount /tmp with the noexec option? If not, 
> is there a way to tell apt to use another directory?
> - Arnoud Warmerdam

I got tmp mounted noexec too.

// Pre-configure all packages with debconf before they are installed.
// If you don't like it, comment it out.
#DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};

As you see, i dont like it.
Frode Haugsgjerd

Reply to: