on Tue, Oct 23, 2001 at 02:37:23PM +1000, Andrew Pollock (andrew@andrew.net.au) wrote:
> Hi,
>
> I've got /tmp mounted rw,noexec,nosuid,nodev because I think I read somewhere
> that that was a good way to go security-wise.

It is, but...

> It seems that some package related configuration stuff writes
> temporary scripts into /tmp, which then don't run because /tmp's
> mounted noexec

...it creates problems.

Incidentally, what package is doing this? I'd been asked this once after suggesting 'noexec' and wasn't aware of specific executables.

I've also found that the PCMCIA cardmgr wants to put a device file on /tmp, and had to modify the init.d script for it to do a remount.

> Should perhaps such scripts be placed elsewhere? /var/tmp? Is mounting
> /tmp noexec a bit pointless?

If you *do* specify a "TEMP=/var/tmp", most (but not all) applications will respect it (though not necessarily in the morning).

Note that *any* mount option is going to be relatively easy to change with the -remount option -- this can be done without umounting the partition.

I'd prolly acquiesce and mount /tmp executable, seeing as there are several pretty trivial ways of getting around this exclusion, so it is somewhat pointless.

Peace.

--
Karsten M. Self <kmself@ix.netcom.com>  http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand?  Home of the brave
http://gestalt-system.sourceforge.net/  Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
Geek for Hire  http://kmself.home.netcom.com/resume.html
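Added example, not part of the original message: because a remount changes the live options without touching /etc/fstab, a hardening check has to look at the mounted state as well as the configured one. The function name `missing_opts` and both sample tables are constructed for illustration; on a real system pass `"$(cat /proc/mounts)"` as the table.

```shell
#!/bin/sh
# missing_opts TABLE MOUNTPOINT REQUIRED
#   TABLE      text in fstab or /proc/mounts layout (device, mount point, type, options, ...)
#   MOUNTPOINT e.g. /tmp
#   REQUIRED   comma-separated options that must be present
# Prints the required options that are absent (comma-separated, empty if none).
# A mount point that does not appear in TABLE reports every option as missing.
missing_opts() {
    table=$1 mp=$2 required=$3
    # The last matching entry wins: a later mount on the same point shadows earlier ones.
    opts=$(printf '%s\n' "$table" |
        awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }')
    missing=
    for want in $(printf '%s' "$required" | tr ',' ' '); do
        # Match whole comma-delimited options so "exec" never matches inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

REQUIRED=noexec,nosuid,nodev

# Constructed sample: what /etc/fstab asks for.
FSTAB_SAMPLE='# <device> <mount> <type> <options> <dump> <pass>
/dev/hda1 / ext2 defaults 0 1
/dev/hda6 /tmp ext2 rw,noexec,nosuid,nodev 0 2'

# Constructed sample: the live table after something remounted /tmp executable.
LIVE_SAMPLE='/dev/hda1 / ext2 rw 0 0
/dev/hda6 /tmp ext2 rw,nosuid,nodev 0 0'

echo "fstab /tmp missing: [$(missing_opts "$FSTAB_SAMPLE" /tmp "$REQUIRED")]"
echo "live  /tmp missing: [$(missing_opts "$LIVE_SAMPLE" /tmp "$REQUIRED")]"
```

A difference between the two results means the running system has drifted from its configured policy, for instance because an init script remounted /tmp and never restored the options.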