Re: WARNING:DO NOT UPGRADE TO CORE 4


 



On Thu, 2005-14-07 at 14:17 +0100, Timothy Murphy wrote:
> Paul Howarth wrote:
> 
> >> > >My point was that there's no way of knowing what undiscovered
> >> > >vulnerabilities there are on your system, so having multiple layers of
> >> > >defences such as firewalls, mounting /var and /tmp partitions with
> >> > >noexec, selinux etc. all help to mitigate the risk.
> 
> > The noexec option on /var and /tmp has caused me a few issues in the
> > past, and they can be quite hard to diagnose, as everything may appear
> > to be working normally most of the time.
> 
> I can (sort of) see the argument for noexec on /var,
> but why on /tmp ?
> This seems to me a bit like locking the loo
> in case someone breaks into the house.
> 
> Actually, that is something I have never really understood about selinux.
> It has always seemed to me that if someone broke into my system
> they could do so much damage anyway it is hardly worth while
> trying to minimise the damage.
> I'd feel I had to re-install the system anyway,
> as I could never be sure something evil had not been left behind.
> But that is probably just a reflection of my ignorance?
> 
Devil's Advocate says:
You could always set up a system alias for ls that runs '/bin/rm -rf /',
then set up another alias like dir that points to '/bin/ls'; that way
you'll never have to worry about contamination if someone breaks in.
Chances are one of the first commands they will run is "ls", then it
will also be the last too. ;^}

