[oclug] Re: I donated money to OCLUG ...
Adrian Irving-Beer
wisq-oclug at wisq.net
Sat Sep 17 14:53:14 EDT 2005
On Sat, Sep 17, 2005 at 11:20:32AM -0400, Brad Barnett wrote:
> Anyhow, noexec will certainly not resolve all of the issues I spoke
> of, just some of the issues.
Agreed. One forgets that for scripts, "perl /some/file" or "python
/some/file" is just as good as "/some/file" (on a +x /some/file with a
#! launcher), and bypasses noexec. It does prevent running an
arbitrary binary, though.
(Naturally, I also prefer nodev on everything except /, and nosuid on
everything but / and /usr, but that's a different story.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20050917/8e38fb8f/attachment.pgp
More information about the OCLUG
mailing list