On Sun, Jan 18, 2004 at 03:06:07PM +1100, Rob Weir wrote:
-snip-
> noexec /tmp is NOT supported under Debian. Also, are you aware that it
> provides very little protection? Try an experiment:
>
> $ cp /bin/ls /tmp
> $ /tmp/ls
> [permission denied]
> $ /lib/ld-linux.so.2 /tmp/ls
> [directory listing]

It does provide some protection against automated attacks, the last
apache worm was stopped by this trick.

Now what about moving all suid binaries to a dedicated partition, and
mounting everything else with nosuid?

I understand that for those that admin hundreds of servers, such
customizations cause problems. But security is getting more important
every day.

-- 
Frode Haugsgjerd
Norway
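
An audit for the layout proposed above, as an added example that is not part of the original message: it reads mount data in /proc/mounts format, lists disk-backed filesystems still mounted without nosuid or noexec, and finds setuid files under a directory. The sample mount table, its device names and the /suid mount point are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit mount options given in /proc/mounts format.

# Constructed sample data; device names and the /suid partition are assumptions.
sample_mounts() {
cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/hda5 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/hda6 /home ext3 rw,nodev 0 0
/dev/hda7 /var ext3 rw,nosuid 0 0
/dev/hda8 /suid ext3 rw,nodev 0 0
EOF
}

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_opt NAME [ALLOWED]: read mount lines on stdin and print the mount
# point of every /dev-backed filesystem lacking option NAME. ALLOWED is the
# one mount point permitted to lack it (the dedicated suid partition).
missing_opt() {
    while read -r dev mnt fstype opts rest; do
        case "$dev" in /dev/*) ;; *) continue ;; esac
        [ "$mnt" = "${2:-}" ] && continue
        has_opt "$opts" "$1" || printf '%s\n' "$mnt"
    done
    return 0
}

# suid_files DIR: list setuid regular files under DIR without crossing into
# other filesystems, so each partition is audited on its own.
suid_files() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null || true
}

# Demo on the constructed sample.
echo "Lacking nosuid (other than /suid):"
sample_mounts | missing_opt nosuid /suid
echo "Lacking noexec:"
sample_mounts | missing_opt noexec
```

On a live system, feed it the real table with `missing_opt nosuid /suid < /proc/mounts` and run `suid_files` on each mount point it reports to see which binaries would have to move.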