Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
On Mon, Feb 23, 2004 at 01:02:42PM +0100, Colin Leroy wrote:
> On 23 Feb 2004 at 12h02, Kiko Piris wrote:
> > One other advantage in separating partitions is security: you can mount
> > /boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
> > etc. (http://www.seifried.org/lasg/installation/).
>
> /home nosuid is painful on real shared computers where users may want
> their own ~/bin...
It might be safer to consider 'userv' rather than having users creating
their own set-id binaries.
> Anyway, /lib/ld.so.1 has to be executable and running `/lib/ld.so.1
> /path/to/nosuid/partition/binary` runs the binary. Imho nosuid is a
> very minimal protection.
This is true of noexec, not nosuid. Did you mean that?
--
Colin Watson [cjwatson@flatline.org.uk]