The problem of course is that /tmp is a known world-writable location where
attackers can upload malicious files (if they find ways to do that). Using a
partition gives you a fairly low-level way to stop them from being able to
execute those files, so I guess the answer is how paranoid are you about
holes in your CGIs and/or other network services, vs how much of a pain in
the ass not being able to execute from /tmp will be based upon its effect
on the rest of the system - e.g., as Alex pointed out, having packages not
being able to be installed without a remount, and obviously patching your
CGIs or reconfiguring or doing whatever you have to do to remove the
dependence on /tmp.

It is certainly not a bad thing to do, and if you're using LVM for / then
you can change your mind later by removing the mount point and adding the
old partition back into the fold.

On Fri, Jul 25, 2008 at 7:42 AM, Voytek Eymont <[EMAIL PROTECTED]> wrote:

>
> On Fri, July 25, 2008 7:37 am, Alex Samad wrote:
> > On Thu, Jul 24, 2008 at 09:37:56PM +1000, Mary Gardiner wrote:
> >
> >> On Thu, Jul 24, 2008, Voytek Eymont wrote:
>
> > one thing to be careful when doing this, is some deb's/rpm's expect /tmp
> > to exec (run into this problem with apt and a noexec /tmp)
>
> Alex,
> thanks
>
> yes, just looking on my current server, it seems I have cgi possibly
> executing in /tmp
>
> should I go that way, do I need to do partition on hard disk, or, just an
> LVM ?
>
>
> --
> Voytek
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
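
An added example, not part of the original message: a shell check of whether /tmp is its own mount point and carries noexec. The nosuid and nodev checks go beyond what the thread discusses, and the mount table below is a constructed sample, not taken from any real host.

```shell
#!/bin/sh
# Audit /tmp mount options from a /proc/mounts-style table.

# Constructed sample: /tmp on its own LVM volume, mounted noexec.
SAMPLE_MOUNTS='/dev/mapper/vg0-root / ext3 rw,relatime 0 0
/dev/mapper/vg0-tmp /tmp ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /boot ext3 rw,relatime 0 0'

# mount_opts MOUNTPOINT TABLE
# Print the options of the last entry mounted exactly at MOUNTPOINT
# (a later mount shadows an earlier one); print nothing if there is none.
mount_opts() {
    printf '%s\n' "$2" |
        awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# has_opt OPTS FLAG: succeed if FLAG is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_tmp TABLE: print "hardened", "missing: <flags>" or "not-separate".
audit_tmp() {
    opts=$(mount_opts /tmp "$1")
    if [ -z "$opts" ]; then
        # /tmp is just a directory on another filesystem (usually /),
        # so it has no mount options of its own.
        echo "not-separate"
        return 0
    fi
    missing=""
    for flag in noexec nosuid nodev; do
        has_opt "$opts" "$flag" || missing="$missing $flag"
    done
    if [ -z "$missing" ]; then echo "hardened"; else echo "missing:$missing"; fi
}

# Audit the file given as $1 (e.g. /proc/mounts), else the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    audit_tmp "$(cat "$1")"
else
    audit_tmp "$SAMPLE_MOUNTS"
fi
```

Run it with `/proc/mounts` as the argument to audit the live system instead of the sample.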