On 19/12/06, Alex Samad <[EMAIL PROTECTED]> wrote:
On Tue, Dec 19, 2006 at 08:26:52AM +1100, Voytek Eymont wrote: > on several ocassions I had malware downloaded and executed from /tmp > (through CMS vulnerability); > > there was a suggestion here to mount /tmp as non executable; > > - do I need to partition the HD and make a separate partition for /tmp? > - good/bad/excellent idea ? I do this (/tmp is mount from another partition) the only catch is under debian you have to either set TMP or remount tmp as exec before running aptitude, because some of the pre|post install scripts are run from $TMP/
Haven't tried this myself but have you tried to set $TMP to something else ( e.g. /root/tmp)? Sound like a generally more secure setup anyway. --P -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
