Re: mounting /tmp noexec
David Wright <d.wright@open.ac.uk> writes:
> Quoting Thomas Bushnell, BSG (tb@becket.net):
> > Ian <ian@ids.org.au> writes:
> > > so surely, if nothing needs to be executed, it is better to mount
> > > noexec?
> >
> > noexec has no good purpose, really. But it's intention was for
> > networked filesystems in certain environments, not a generalized
> > security tool.
>
> It's very useful for mounting filesystems like vfat, where otherwise
> all the files are marked executable which makes mc a PITA to use for
> examining archive files (mc tries to execute them!).
Ah, interesting. ;) Of course, that isn't a security related reason.
It would probably be better if vfat had a more clever way of marking
them executable: perhaps it should look at the file to see whether the
kernel *could* conceivable execute it.
Reply to: