Re: any risk in using /home/root
On Mon, Jul 27, 1998 at 08:24:20AM +0200, Matus fantomas Uhlar wrote:
> hmmm maybe i'd mount /home as noexec too... users could hate it cause it
> would prevent from using scripts and e.g. links to ssh (like
> fantomas.fantomas.sk. -> /usr/bin/ssh which would call ssh to
> fantomas.fantomas.sk) but that might be security advantage...imo
Iss this really true? I mean, what about "sh <filename>", wouldn't this
execute scripts?
And then oyu have to make /tmp noexec, too. And you'll have to be very
strict with the software you install. Java would probably be a nono, as
well as every other interpreted language. And you can do everything with
perl anyway :)
I'm not claiming any knowledge (I didn't test the above things), but I'm
sure noexec does not make sense if you have real users.
If you only want to serve a mailhost or limited services, or a browser
terminal in the public or something, you are well advised to build all sort
of walls and protection you can think of, though :)
Marcus
--
"Rhubarb is no Egyptian god." Debian GNU/Linux finger brinkmd@
Marcus Brinkmann http://www.debian.org master.debian.org
Marcus.Brinkmann@ruhr-uni-bochum.de for public PGP Key
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/ PGP Key ID 36E7CD09
--
Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: