Tim: >> The other catch is that being able to execute stuff in your home folder >> is a bit of a security risk. Andreas Bernauer: > On what theory do you base this (IMHO weird) statement? Don't you read any of the security notices? Mounting /home as noexec is a very old, and wise, technique for making a system more secure. The same goes for mounting /tmp and /var noexec. Why do you think there's an option to mount a partition with the noexec parameter? If a user can create and run a program, they can do much more to a system than one who can't. Ordinarily, they can't do that. At the simplest level they can stuff up their own files, or bog a system down with a heavy workload. But if you exploit a software fault, at the same time, you can do worse. All it takes is to browse a website that exploits your browser, and there's an unknown program running on your computer. But without any execute permissions, it can't do a thing. -- (This box runs FC6, my others run FC4 & FC5, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
