Re: basically security of linux
On Fri, Jan 16, 2009 at 03:13:10PM -0600, Boyd Stephen Smith Jr. wrote:
> On Friday 2009 January 16 14:45:44 Michael Loftis wrote:
[hardlinking (suid binaries in hope a vulnerability will be found)]
> >you can't do
> >it across drives,
> Right, but the default partitioning puts /sbin /usr/sbin etc. on the same
> filesystem as /home and /tmp, exposing the system to these attacks.
Just an addition: often I've seen /home as a separate mount (mounted
nosuid,nodev,...) and /tmp as tmpfs, but then we have /var/tmp (which can't
be tmpfs, because its purpose is to retain the files even across reboots).
I haven't tried it yet, but could a bind-mount be done (e.g. /var/real-tmp
-> /var/tmp) with additional options nosuid,nodev,... (while /var or / is