Re: Debconf and noexec on /tmp
Wichert Akkerman <wichert@wiggy.net> writes:
> Previously Ethan Benson wrote:
> > its not, it provides you NO extra security whatsoever, and will break
> > many many things.
>
> It breaks a fair number of scripts that script-kiddies use, and as
> such it is somewhat useful.
<nod>. FWIW it'll also break gzexe, as well (although why anyone would use
that in this day & age...).
Personally, I'd *like* to put noexec on /var and have done; for a firewall
system tracking stable+secure that's not going to be dist-upgraded very
often, being able to tighten these things down is reasonable. Still, dpkg
has to have *somewhere* to run its pre/post-inst scripts.
~Tim
--
We stood in the moonlight |piglet@stirfried.vegetable.org.uk
and the river flowed |http://spodzone.org.uk/
Reply to: