[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mounting /tmp noexec (was: Campus Computers)

Previously Thomas Bushnell, BSG wrote:
> What sort of insecure cgi script are you thinking of?

Trivial protection against stupid rootkits.

> In any case, it's part of the normal conventions of all Unix-based
> systems that /tmp is accessible to every user, for writing files and
> for executing them.

debconf seems to be the only thing relying on it, I've been using
a nonexec /tmp for a while now without noticing any other problems.


 /wichert@wiggy.net         This space intentionally left occupied \
| wichert@deephackmode.org            http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to: