/boot at beginning of drive
Kent Stewart
kstewart at owt.com
Sun Apr 16 21:51:58 UTC 2006
On Sunday 16 April 2006 14:19, Colin Percival wrote:
> Brendan Grossman wrote:
> > Here is my reason for separating /tmp and mounting it
> > noexec,nosuid:
> >
> > http://www.sagonet.com/forums/showthread.php?t=2852
>
> Quoth mount(8):
> noexec Do not allow execution of any binaries on the
> mounted file system. This option is useful for a server that has
> file systems containing binaries for architectures other than its
> own. Note: This option was not designed as a security feature and no
> guarantee is made that it will prevent malicious code execution; for
> example, it is still possible to execute scripts which reside on a
> noexec mounted partition.
>
> Mounting /tmp as noexec causes perfectly good code to gratuitously
> fail, while providing no real security improvement.
Including weird system or port update failures.
Kent
--
Kent Stewart
Richland, WA
http://www.soyandina.com/ "I am Andean project".
http://users.owt.com/kstewart/index.html
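
Added example, not part of the original message or of FreeBSD: a small probe for the two points made in the thread. A directory that refuses direct execution breaks tools that run helpers from it, while the same script still runs when handed to an interpreter. The names probe_dir and MODE are made up for this example; mode 644 stands in for a real noexec mount, which needs root to set up.

```shell
#!/bin/sh
# probe_dir DIR [MODE]   (hypothetical helper, written for this example)
# Writes a tiny script into DIR and tries to run it two ways.
# MODE defaults to 755. Passing 644 removes the execute bits, so the kernel
# refuses a direct exec with EACCES, the same error a noexec mount produces.
probe_dir() {
    dir=$1
    mode=${2:-755}
    probe=$(mktemp "$dir/probe.XXXXXX") || { echo "unwritable"; return 2; }
    printf '#!/bin/sh\necho ran\n' > "$probe"
    chmod "$mode" "$probe"

    # Direct execution: execve() checks execute permission and mount flags.
    # This is the path installers and port builds take when they run a
    # helper they have just unpacked into /tmp.
    if out=$("$probe" 2>/dev/null) && [ "$out" = "ran" ]; then
        direct=ok
    else
        direct=blocked
    fi

    # Via an interpreter: sh only opens and reads the file, so neither the
    # execute bit nor the noexec flag is consulted.
    if out=$(sh "$probe" 2>/dev/null) && [ "$out" = "ran" ]; then
        interp=ok
    else
        interp=blocked
    fi

    rm -f "$probe"
    echo "direct=$direct interp=$interp"
}

# Run as: sh probe.sh /tmp
if [ "$#" -gt 0 ]; then
    probe_dir "$@"
fi
```

A result of "direct=blocked interp=ok" for a build's temporary directory means tools that execute unpacked helpers there will fail, so point TMPDIR at a directory that reports "direct=ok" before running the update.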