Matt Zimmerman:
> noexec /tmp and /var/tmp seem to create far more problems than they solve.
I've run with /tmp set to noexec for quite some time on some machines, and it tends to work quite well. The only thing that seems to fail occasionally is debconf, despite the fact that I point TMPDIR to a directory that is executable.
But those machines all run stable, so it might have been fixed since.
-- \\// Peter - http://www.softwolves.pp.se/
I do not read or respond to mail with HTML attachments.