Re: execute permissions in /tmp
On Mon, Jul 14, 2003 at 12:13:37PM +0100, David Ramsden wrote:
> I'd like to agree.
> noexec almost certainly better than nothing at all!
Only if it were obviously correct and cost nothing. In the case of noexec
on /tmp, it breaks things and so the small amount of obfuscation is not
worth it in my opinion.
> For those people who have made /tmp part of / (i.e. /tmp isn't a
> partition and isn't mounted).. I created a file using dd and /dev/zero
> of around 20Mb. Then used mkfs to make it in to a file system and
> mounted it as /tmp with noexec and other permissions.
This sounds slow. Why not just make a /tmp partition?
> Although I believe there is tmpfs for this?
Or use tmpfs (which uses virtual memory to hold the filesystem data).
> Security by obscurity isn't it? At least you'd have the little bit of
> extra padding there.
"Security" by obscurity isn't security.