
Re: mounting /tmp noexec (was: Campus Computers)



Thomas,

Why is this? Surely it is better security to do so?

For example, an insecure CGI script could allow a user to write to /tmp
and get the web server to execute the script. By mounting /tmp noexec,
this problem is potentially prevented (aside from the insecure script).

So surely, if nothing needs to be executed, it is better to mount
noexec?

Ian.


On Wed, Dec 26, 2001 at 06:19:17PM -0800, Thomas Bushnell, BSG wrote:
> Ian <ian@ids.org.au> writes:
> 
> > Well, I mount /tmp (and anything else I can get away with) as noexec.
> > What is the policy here - should package maintainers not try and exec
> > out of /tmp, or should I allow exec on that partition?
> 
> There is really no particular reason to mount local partitions noexec.
> 
> 

-- 
Ian Cumming, ian@semisphere.org

"The number of Unix installations has grown to 10, with more expected."
-- The Unix Programmer's Manual, 2nd Edition, June, 1972
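
A check for the setup discussed in this thread, as an added example that is not part of either message: it reads a mount table in /proc/mounts format and lists the temp directories whose covering mount lacks noexec. The watched directory list, the function names and the sample table are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list temp directories whose covering mount lacks noexec.
# Input on stdin is in /proc/mounts format: device mountpoint fstype options ...

# Constructed sample table, not taken from a real host.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda5 /tmp ext4 rw,nosuid,nodev,noexec 0 0
/dev/sda6 /var ext4 rw,nosuid,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# has_opt OPTIONS NAME: succeed only if NAME is an exact comma-separated entry.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# missing_noexec: read a mount table on stdin and print
# "DIR MOUNTPOINT OPTIONS" for each watched directory that allows exec.
missing_noexec() {
    table=$(cat)
    for dir in /tmp /var/tmp /dev/shm; do
        best="" best_opts=""
        while read -r _dev mnt _type opts _rest; do
            # A mount covers DIR if it is DIR itself or one of its parents.
            case "$dir/" in
                "${mnt%/}/"*)
                    # Longest mount point wins; on a tie the later line,
                    # which is the mount stacked on top.
                    if [ "${#mnt}" -ge "${#best}" ]; then
                        best=$mnt best_opts=$opts
                    fi ;;
            esac
        done <<EOF
$table
EOF
        [ -n "$best" ] || continue
        has_opt "$best_opts" noexec || printf '%s %s %s\n' "$dir" "$best" "$best_opts"
    done
}

# On a live Linux host: missing_noexec < /proc/mounts
sample_mounts | missing_noexec
```

In the sample, /tmp is its own noexec partition, but /var/tmp is not a separate mount and inherits the options of /var, so it is the one directory reported.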


