WARNING:DO NOT UPGRADE TO CORE 4
Timothy Murphy
tim at birdsnest.maths.tcd.ie
Fri Jul 15 11:24:03 UTC 2005
Paul Howarth wrote:
>> I can (sort of) see the argument for noexec on /var ,
>> but why on /tmp ?
>
> Why one and not the other?
I guess I misunderstood.
I thought the idea of noexec-ing /var
was to ensure that files there weren't tampered with,
and there didn't seem anything worth tampering with on /tmp .
But I see now that the danger is more that /var or /tmp
can be used as a blank sheet to write on.
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
More information about the fedora-list
mailing list