
Re: Debconf and noexec on /tmp



Wichert Akkerman <wichert@wiggy.net> writes:

> Previously Ethan Benson wrote:
> > it's not, it provides you NO extra security whatsoever, and will break
> > many many things.
> 
> It breaks a fair number of scripts that script-kiddies use, and as
> such it is somewhat useful.

<nod>. FWIW it'll also break gzexe, as well (although why anyone would use
that in this day & age...). 

Personally, I'd *like* to put noexec on /var and have done; for a firewall
system tracking stable+secure that's not going to be dist-upgraded very
often, being able to tighten these things down is reasonable. Still, dpkg
has to have *somewhere* to run its pre/post-inst scripts.

~Tim
-- 
We stood in the moonlight                   |piglet@stirfried.vegetable.org.uk
and the river flowed                        |http://spodzone.org.uk/


