Re: basically security of linux
In article <[🔎] 20090117002104.GA312@wolfden.dnsalias.net> you wrote:
> /tmp as tmpfs, but then we have /var/tmp (which can't
> be tmpfs, because it's purpose is to retain the files even across reboots).
It is just supposed to hold larger data. No persistence in /var/tmp over
> I haven't tried it yet, but could a bind-mount be done (e. g. /var/real-tmp
> -> /var/tmp) with additional options nosuid,nodev,... (while /var or / is
> mounted suid,dev,...)?
I am mounting /var as noexec, this works most of the time (dpkg has some
problems on install. But since I also run with ro-root, i have a
"pre-install" script which changes both mount options before I use apt).