Re: Debconf and noexec on /tmp

To: debian-security@lists.debian.org
Subject: Re: Debconf and noexec on /tmp
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: 09 Nov 2001 13:49:54 +0000
Message-id: <[🔎] 863d3o835p.fsf@potato.vegetable.org.uk>
Reply-to: debian@stirfried.vegetable.org.uk
In-reply-to: <[🔎] 20011109005438.P28190@plato.local.lan> (Ethan Benson's message of "Fri, 9 Nov 2001 00:54:38 -0900")
References: <[🔎] 20011108151305.A9804@easter-eggs.com> <[🔎] 20011108053148.G28190@plato.local.lan> <[🔎] 20011108154356.L20495@wiggy.net> <[🔎] 20011108064926.H28190@plato.local.lan> <[🔎] 20011108153206.F14666@doorstop.net> <[🔎] 20011108154956.K28190@plato.local.lan> <[🔎] 20011109020817.G29603@wiggy.net> <[🔎] 20011109005438.P28190@plato.local.lan>

Ethan Benson <erbenson@alaska.net> writes:

[snip]
> so here is the situation:
> 
> i don't leave open holes that script kiddies use with thier skripts only
> a dumbass skript kiddie will be foiled by noexec /tmp skript kiddies will
> be foiled by the fact that my boxes are always up to date and patched
> against all known vulnerabilities.
> 
> therefore noexec /tmp gives nothing but inconvenience and no added
> security.

There is a school of thought that says there is no such thing as `secure',
only making it as hard work -inconvenient- for someone to persist in
attacking you.

That's why, the more layers I can throw in someone's face, be it
firewalling, more than just `defaults' in fstab, running libsafe, the better.

~Tim
-- 
   10:04:04 up 2 days, 12:03, 10 users,  load average: 0.26, 0.17, 0.09
piglet@stirfried.vegetable.org.uk |Rushing onwards, tracing the chains,
http://piglet.is.dreaming.org     |Chasing the days, chasing the days.

Reply to:

Follow-Ups:
- Re: Debconf and noexec on /tmp
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Debconf and noexec on /tmp
  - From: Emmanuel Lacour <elacour@easter-eggs.com>
- Re: Debconf and noexec on /tmp
  - From: Ethan Benson <erbenson@alaska.net>
- Re: Debconf and noexec on /tmp
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Debconf and noexec on /tmp
  - From: Ethan Benson <erbenson@alaska.net>
- Re: Debconf and noexec on /tmp
  - From: Vineet Kumar <debian-security@virtual.doorstop.net>
- Re: Debconf and noexec on /tmp
  - From: Ethan Benson <erbenson@alaska.net>
- Re: Debconf and noexec on /tmp
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Debconf and noexec on /tmp
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Next by Date: Re: Which ssh should I have?
Previous by thread: Re: Debconf and noexec on /tmp
Next by thread: Re: Debconf and noexec on /tmp
Index(es):
- Date
- Thread