Re: execute permissions in /tmp

[Matt Zimmerman <mdz@debian.org>]

On Mon, Jul 14, 2003 at 12:13:37PM +0100, David Ramsden wrote:

> I'd like to agree.
> noexec almost certainly better than nothing at all!

Only if it were obviously correct and cost nothing.  In the case of noexec
on /tmp, it breaks things and so the small amount of obfuscation is not
worth it in my opinion.

> For those people who have made /tmp part of / (i.e. /tmp isn't a
> partition and isn't mounted).. I created a file using dd and /dev/zero
> of around 20Mb. Then used mkfs to make it in to a file system and
> mounted it as /tmp with noexec and other permissions.

This sounds slow.  Why not just make a /tmp partition?

> Although I believe there is tmpfs for this?

Or use tmpfs (which uses virtual memory to hold the filesystem data).

> Security by obscurity isn't it? At least you'd have the little bit of
> extra padding there.

"Security" by obscurity isn't security.

-- 
 - mdz