24 Aug 2009, 7:29 a.m.
On Mon, 2009-08-24 at 09:20 +0200, Thomas Bächler wrote:
> Jan de Groot wrote:
>> Some applications like the ones mentioned in the original post will mmap files in /dev/ with the PROT_EXEC flag. When the filesystem is mounted as noexec, these mmap operations will fail. Even if the program doesn't execute anything used in the mmap operation, the whole mmap operation will just fail when this flag is set on a noexec filesystem.
> How stupid. Can I at least put nosuid there? And put nosuid to /dev/shm as well?
I think that might be good. I don't see a reason to store suid stuff in /tmp, /dev and /dev/shm. Out of these, /dev/shm and /tmp are the most important ones that should be nosuid.
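An added example, not part of the original thread: a small audit that reports whether the mounts covering /tmp, /dev and /dev/shm carry nosuid and noexec, plus a probe that attempts the PROT_EXEC file mapping discussed above. The sample mount table and all function names are constructed for illustration.

```python
import mmap, re, tempfile

WATCHED = ("/tmp", "/dev", "/dev/shm")  # the three paths named in the thread

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nodev 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, set_of_options)] in mount order."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes spaces and similar bytes as octal, e.g. \040
            mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
            entries.append((mp, set(fields[3].split(","))))
    return entries

def options_for(path, entries):
    """Options of the mount covering path: longest mountpoint wins, later entry on ties."""
    best = None
    for mp, opts in entries:
        covers = path == mp or path.startswith(mp.rstrip("/") + "/")
        if covers and (best is None or len(mp) >= len(best[0])):
            best = (mp, opts)
    return best[1] if best else set()

def audit(entries, paths=WATCHED):
    """Map each watched path to {'nosuid': bool, 'noexec': bool}."""
    return {p: {f: f in options_for(p, entries) for f in ("nosuid", "noexec")} for p in paths}

def exec_mmap_allowed(directory):
    """Attempt a PROT_EXEC mapping of a scratch file in directory; False on a noexec mount."""
    with tempfile.TemporaryFile(dir=directory) as f:
        f.truncate(mmap.PAGESIZE)  # give the file one page so the mapping length is valid
        try:
            mmap.mmap(f.fileno(), mmap.PAGESIZE, prot=mmap.PROT_READ | mmap.PROT_EXEC).close()
            return True
        except PermissionError:  # EPERM from mmap(2) when the file is on a noexec filesystem
            return False

if __name__ == "__main__":
    print(audit(parse_mounts(open("/proc/mounts").read())))
```

In the sample, /tmp is the only watched path without nosuid, and /dev/shm is the only one where a PROT_EXEC file mapping would be refused.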