Tim wrote:
> Tim:
>>> The other catch is that being able to execute stuff in your home folder
>>> is a bit of a security risk.
>
> Andreas Bernauer:
>> On what theory do you base this (IMHO weird) statement?
>
> Don't you read any of the security notices? Mounting /home as noexec is
> a very old, and wise, technique for making a system more secure. The
> same goes for mounting /tmp and /var noexec. Why do you think there's
> an option to mount a partition with the noexec parameter?
>
> If a user can create and run a program, they can do much more to a
> system than one who can't. Ordinarily, they can't do that. At the
> simplest level they can stuff up their own files, or bog a system down
> with a heavy workload. But if you exploit a software fault, at the same
> time, you can do worse.
>
> All it takes is to browse a website that exploits your browser, and
> there's an unknown program running on your computer. But without any
> execute permissions, it can't do a thing.

I'm sorry.... Are you saying that mounting /home as noexec is a good thing since folks that are compiling/testing programs won't be allowed to get their work done?

Sorry a bit confused here.... Sure, it is only Monday.

--
QOTD: All I want is a little more than I'll ever get.
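
The thread turns on whether /home, /tmp and /var are mounted noexec. The following is an added example, not part of the original messages: it audits which mount actually covers each of those directories and whether that mount carries noexec. The sample mount table is constructed, and the function names are this example's own.

```python
import os

# Constructed /proc/mounts sample (not from the thread): /home and /var are
# separate partitions, /tmp and /var/tmp are tmpfs mounts.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        point = fields[1]
        # /proc/mounts writes space, tab, newline and backslash as octal escapes.
        for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
            point = point.replace(esc, ch)
        mounts.append((point, set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point containing path; a later mount shadows an earlier one."""
    best = None
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"   # "/home/" must not match "/homework"
        if path == point or path.startswith(prefix):
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best

def audit_noexec(paths, mounts_text):
    """Map each path to (covering mount point, True if that mount is noexec)."""
    mounts = parse_mounts(mounts_text)
    result = {}
    for p in paths:
        m = covering_mount(os.path.normpath(p), mounts)
        result[p] = (m[0], "noexec" in m[1]) if m else (None, False)
    return result

if __name__ == "__main__":
    # On a live system: audit_noexec(paths, open("/proc/mounts").read())
    for path, (point, ok) in audit_noexec(["/home", "/tmp", "/var"], SAMPLE_MOUNTS).items():
        print(f"{path}: on {point}, noexec={'yes' if ok else 'NO'}")
```

A directory that is not its own mount point inherits the options of whatever mount contains it, which is why the check resolves the covering mount instead of looking for an exact entry.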