Re: mounting /tmp noexec

To: David Wright <d.wright@open.ac.uk>
Cc: Ian <ian@ids.org.au>, debian-security@lists.debian.org
Subject: Re: mounting /tmp noexec
From: tb@becket.net (Thomas Bushnell, BSG)
Date: 02 Jan 2002 13:02:03 -0800
Message-id: <[🔎] 87y9jgxy9g.fsf@becket.becket.net>
In-reply-to: <[🔎] 20020102130728.A2762@tyne.open.ac.uk>
References: <20011227021726.GA1177@ids.org.au> <87bsgl9zh6.fsf@becket.becket.net> <20011227023316.GA1482@ids.org.au> <877kr99ynd.fsf@becket.becket.net> <[🔎] 20020102130728.A2762@tyne.open.ac.uk>

David Wright <d.wright@open.ac.uk> writes:

> Quoting Thomas Bushnell, BSG (tb@becket.net):
> > Ian <ian@ids.org.au> writes:
> > > so surely, if nothing needs to be executed, it is better to mount
> > > noexec?
> > 
> > noexec has no good purpose, really.  But it's intention was for
> > networked filesystems in certain environments, not a generalized
> > security tool.
> 
> It's very useful for mounting filesystems like vfat, where otherwise
> all the files are marked executable which makes mc a PITA to use for
> examining archive files (mc tries to execute them!).

Ah, interesting. ;)  Of course, that isn't a security related reason.

It would probably be better if vfat had a more clever way of marking
them executable: perhaps it should look at the file to see whether the
kernel *could* conceivable execute it.

Reply to:

References:
- Re: mounting /tmp noexec
  - From: David Wright <d.wright@open.ac.uk>

Prev by Date: strange proftpd segfault and conntrack_ftp messages
Next by Date: Re: More security for screensavers
Previous by thread: Re: mounting /tmp noexec
Next by thread: Re: mounting /tmp noexec
Index(es):
- Date
- Thread