[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: noexec mount option (was: Email based attack on University)

On Fri Oct 4, 2019 at 12:10 PM Greg Wooledge wrote:

Yes, you're absolutely correct.  Jonathan must be having a bad day.


I actually had a great day! But I am guilty of only testing the things I
wrote on a filesystem which wasn't actually mounted noexec. (the quotes,
I added by mistake in the email.)

I have happily left professional system administration behind (for
nearly five years now). The prevailing wisdom back then was as I have
written: noexec is not particularly secure, not hard to work around, and
not worth relying upon. Things may have changed in the intervening time,
(and indeed the ld trick seems not to work directly anymore)
but I still wouldn't bet my systems on it.

--
👱🏻	Jonathan Dowland
✎	    jon@dow.land
🔗	https://jmtd.net
Reply to: