[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Do we really need to worry about viruses

On Thu, Oct 02, 2003 at 11:21:39PM -0400, Bijan Soleymani wrote:
> I don't know but this seems like overkill. Does mounting home noexec
> mean that I can't run programs for /home/. 

Yep, that's what it means. Things located in the partition mounted at
/home are not allowed to be executed (though it can be bypassed)

> What about at school. They
> don't even have lynx installed and their version of mutt is broken, etc.
> I depend on being able to compile and install software in ~/software/.
> Wouldn't an even easier solution be to stop the user from using the
> computer. No way they can get a virus that way :) Just joking but
> still...

As for whether it's an appropriate solution, that depends on lots of
things. Who are your users? How trusted are they? Will they have
legitimate need to run arbitrary code? 
Also, if the sysadmin has properly installed and configured the
programs that her users need, that makes a big difference.

In the case of experienced power-users on a university network, you'd
inconvenience people plenty by trying this, and they'd just hack around
it anyway.  One method has already been mentioned in this thread.

But in the case of administering a network for an office full of
desktop users who are happy as long as they can get mail, surf the web,
and run an office suite, I think the noexec solution is a _totally_
appropriate way to remove much of the opportunity for their ignorance
to open the door to somebody's trojan.

The right balance between security and convenience varies pretty widely
among particular cases.

>   -ScruLoose-   |        I do not agree with what you have to say,      <
>  Please do not  |   but I'll defend to the death your right to say it.  <
> reply off-list. |                       - Voltaire                      <

Attachment: pgpZq0537OG_7.pgp
Description: PGP signature

Reply to: