Re: limiting user access
Anthony Towns wrote:
> according to the FSSTND, but at least a couple of packages use /var
> for executable files, notably dpkg (/var/lib/dpkg/info/*), and the
> distributed-net client (/var/lib/distributed-net/distributed-net).
>
> BTW, if /var was noexec, it remains possible to have something like
> /var/lib/distributed-net/distributed-net -> /usr/bin/distributed-net,
> and still be able to cd /var/lib/distributed-net; ./distributed-net,
This is currently exactly how /var/lib/distributed-net/distributed-net is
set up, so I don't know what you're worrying about.
/var/lib/dpkg/info/* is a stickier problem..
--
see shy jo
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: