Re: mounting /tmp noexec (was: Campus Computers)
Wichert Akkerman <firstname.lastname@example.org> writes:
> Previously Thomas Bushnell, BSG wrote:
> > What sort of insecure cgi script are you thinking of?
> Trivial protection against stupid rootkits.
> > In any case, it's part of the normal conventions of all Unix-based
> > systems that /tmp is accessible to every user, for writing files and
> > for executing them.
> debconf seems to be the only thing relying on it, I've been using
> a nonexec /tmp for a while now without noticing any other problems.
Posix requires a /tmp directory which arbitrary programs can write to,
and Posix knows nothing of noexec; a valid program of any sort could
well decide to use that feature, and Debian shouldn't bother trying to
work around it, IMHO.