On 06/23/2006 3:08:25 PM +0100 Michael Sprague <mfs@saneinc.net> said: > If possible, make /tmp its own file system and mount it with 'noexec'. > This really helps stop these types of attacks. In fact I would > recommend 'rw,noexec,nosuid,nodev' as the mount options. Sound advice, but make sure you have a mechanism in place for updating a system (many package installations and updates will fail if /tmp is noexec). There are a number of ways of doing that. Keith