First thing I do is move /tmp and /var/tmp to a partition that's mounted noexec. Too many sloppy PHP apps. Worms drop things in /tmp and run them from there.Do you know, that you can run anything from there without haveing /tmp exec? Crackerst today can execute anythin even if mounted noexec
I would agree, however this is another layer of security that will stop most basic worms that attempt to execute themselfs from the /tmp directory.
Regards, Mark Poole