Date: Mon, 07 Aug 2006 14:28:40 -0400 From: Russell Meek <rmeek@russellmeek.net> To: dick hoogendijk <dick@nagual.nl> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: /tmp permissions Message-ID: <20060807142840.s4jhd0yuskwcw4o8@secure.russellmeek.net> In-Reply-To: <20060807180521.GA2299@lothlorien.nagual.nl> References: <20060807180521.GA2299@lothlorien.nagual.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting dick hoogendijk <dick@nagual.nl>: > Today I read that /tmp always is "noexec". > That should probably be on linux, because on my fbsd-6.1 box it's "rw" > and that's it. > > Question: should I change /tmp to "rw,noexec" to be safer? > > -- > dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE > ++ Running FreeBSD 6.1 +++ The Power to Serve > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Dick, Yes, noexec is a good this security wise. You could also add nosuid depending upon what you may need /tmp for. Most "kiddie scripts" will attempt to run items out of /tmp, by adding noexec you prevent items from executing out of the applied directory. Thanks, - Russell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060807142840.s4jhd0yuskwcw4o8>