
Re: basically security of linux



In article <20090117002104.GA312@wolfden.dnsalias.net> you wrote:
> /tmp as tmpfs, but then we have /var/tmp (which can't
> be tmpfs, because its purpose is to retain the files even across reboots).

It is just supposed to hold larger data. No persistence in /var/tmp over
reboots required.

> I haven't tried it yet, but could a bind-mount be done (e.g. /var/real-tmp
> -> /var/tmp) with additional options nosuid,nodev,... (while /var or / is
> mounted suid,dev,...)?

I am mounting /var as noexec; this works most of the time (dpkg has some
problems on install, but since I also run with ro-root, I have a
"pre-install" script which changes both mount options before I use apt).

Regards
Bernd
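
One way to check the outcome of the mount setups discussed in this thread (an added example, not part of the original message): the script reads a mount table in /proc/self/mounts format and reports which of nosuid, nodev and noexec are not in effect for a directory, following bind mounts stacked on the same path and directories that inherit their options from a parent mount. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts format (not from a real host).
# /var/tmp is listed twice: the later line is a bind mount stacked on top.
SAMPLE_MOUNTS='/dev/sda1 / ext3 ro,relatime 0 0
/dev/sda2 /var ext3 rw,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /var/tmp ext3 rw,relatime 0 0
/dev/sda2 /var/tmp ext3 rw,nosuid,nodev,relatime 0 0'

# effective_opts TABLE DIR
# Print the mount options that apply to DIR: the longest mount point that
# is DIR or a parent of it; on equal length the later (topmost) entry wins.
effective_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp || $2 == "/" || index(mp, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); o = $4 }
        }
        END { print o }'
}

# missing_opts TABLE DIR OPT...
# Print the required options that are not in effect, space separated.
missing_opts() {
    table=$1; dir=$2; shift 2
    opts=$(effective_opts "$table" "$dir")
    out=
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                      # option present
            *) out="${out:+$out }$want" ;;       # option missing
        esac
    done
    echo "$out"
}

# audit TABLE: check the temp directories named in the thread.
# Returns 1 if any of them lacks one of the three options.
audit() {
    rc=0
    for d in /tmp /var/tmp; do
        miss=$(missing_opts "$1" "$d" nosuid nodev noexec)
        [ -z "$miss" ] || { echo "$d: missing $miss"; rc=1; }
    done
    return $rc
}

audit "$SAMPLE_MOUNTS" || true
```

On a live system, pass `"$(cat /proc/self/mounts)"` as the table instead of the sample.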
