Date: Sun, 16 Apr 2006 14:51:55 -0700
From: Kent Stewart <kstewart@owt.com>
To: freebsd-questions@freebsd.org
Cc: Brendan Grossman <brendan@grossman.id.au>, Colin Percival <cperciva@freebsd.org>
Subject: Re: /boot at beginning of drive
Message-ID: <200604161451.55744.kstewart@owt.com>
In-Reply-To: <4442B4C8.40602@freebsd.org>
References: <20060416205147.6544228454@porsche.brendan.id.au> <4442B4C8.40602@freebsd.org>
On Sunday 16 April 2006 14:19, Colin Percival wrote:
> Brendan Grossman wrote:
> > Here is my reason for separating /tmp and mounting it
> > noexec,nosuid:
> >
> > http://www.sagonet.com/forums/showthread.php?t=2852
>
> Quoth mount(8):
>      noexec  Do not allow execution of any binaries on the mounted file
>              system. This option is useful for a server that has file
>              systems containing binaries for architectures other than its
>              own. Note: This option was not designed as a security feature
>              and no guarantee is made that it will prevent malicious code
>              execution; for example, it is still possible to execute
>              scripts which reside on a noexec mounted partition.
>
> Mounting /tmp as noexec causes perfectly good code to gratuitously
> fail, while providing no real security improvement.

Including weird system or port update failures.

Kent
-- 
Kent Stewart
Richland, WA
http://www.soyandina.com/ "I am Andean project".
http://users.owt.com/kstewart/index.html