mounting /tmp as executable or not?
I was wondering if there's some security or other benefits in mounting
/tmp with a "noexec" option. Even if scripts there can still be executed
but - binary programs should not, right? At least something, I thought.
When I was checking it out, unfortunately some apt-get updates started
Preconfiguring packages ...
Can't exec "/tmp/cvs.config.56471": Permission denied at
/usr/share/perl/5.8/IPC/Open3.pm line 168.
open2: exec of /tmp/cvs.config.56471 configure 1:1.12.9-16 failed at
/usr/share/perl5/Debconf/ConfModule.pm line 44
cvs failed to preconfigure, with exit status 2
So now I just think it's wasted energy and tend to reverse that "noexec"
flag to "standard" again.
Any suggestions or experiences?