rmeek at russellmeek.net
Mon Aug 7 18:28:52 UTC 2006
Quoting dick hoogendijk <dick at nagual.nl>:
> Today I read that /tmp always is "noexec".
> That should probably be on linux, because on my fbsd-6.1 box it's "rw"
> and that's it.
> Question: should I change /tmp to "rw,noexec" to be safer?
> dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE
> ++ Running FreeBSD 6.1 +++ The Power to Serve
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
Yes, noexec is a good this security wise. You could also add nosuid
depending upon what you may need /tmp for.
Most "kiddie scripts" will attempt to run items out of /tmp, by adding
noexec you prevent items from executing out of the applied directory.
More information about the freebsd-questions