Re: mounting /tmp noexec (was: Campus Computers)
> why is this? Surely it is better security to do so?
joey@silk:~>ls -l ./ls
-rw------- 1 joey joey 43916 Dec 26 22:46 ./ls
CVS aalib.nohack.diff doc ls screenshot.png
GNUstep bin html mail src
a debian lib package-sync.log tmp
If you remove the execute bit from ld.so to avoid this, you in turn
break execution of all deymaically linked libc6 programs.
So sure, noexec does raise the bar tiny little bit, just because an
attacker needs to remember to try this trick, and needs to be able to do
so in their exploit.
Anyway, I would like to make debconf (er, really apt-utils) use a
different temporary directory, but I have not been able to come up with
better one so far.
see shy jo