Re: Proposal: dpkg change: scripts in /var/lib/dpkg/tmp.ci
-> > I mounted /var as noexec/nodev because of security reasons.
-> > I created partition /exec for using it on scripts etc that needs to be
-> > executed.
-> noexec provides no real security whatsoever. nosuid,nodev are more
-> useful.
->
-> try this:
->
-> $ cp /bin/date /noexecfs
-> $ /noexecfs/date
-> (you get a permission denied)
-> $ /lib/ld-2.1.3.so /noexecfs/date
-> (date runs normally)
well, shouldn't be this considered ad ld.so bug?
-> this is for potato, woody/sid would probably be /lib/ld-2.2.2.so or
-> something. the point is noexec does not prevent you from running binaries
-> on that filesystem. same thing with shell scripts, /bin/sh
-> /noexecfs/shellscript.sh works just fine without even execute
-> permissions.
of course I know about shell scripts. But i think the main difference is
shell scripts shouldn't make harm as binaries can.
--
Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk
uhlar@fantomas.sk ; http://www.fantomas.sk/ ; http://www.nextra.sk/
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
Reply to: