Date: Sun, 16 Apr 2006 14:19:04 -0700
From: Colin Percival <cperciva@freebsd.org>
To: Brendan Grossman <brendan@grossman.id.au>
Cc: freebsd-questions@freebsd.org
Subject: Re: /boot at beginning of drive
Message-ID: <4442B4C8.40602@freebsd.org>
In-Reply-To: <20060416205147.6544228454@porsche.brendan.id.au>
References: <20060416205147.6544228454@porsche.brendan.id.au>

Brendan Grossman wrote:
> Here is my reason for separating /tmp and mounting it noexec,nosuid:
>
> http://www.sagonet.com/forums/showthread.php?t=2852

Quoth mount(8):
     noexec  Do not allow execution of any binaries on the mounted file
             system.  This option is useful for a server that has file
             systems containing binaries for architectures other than
             its own.  Note: This option was not designed as a security
             feature and no guarantee is made that it will prevent
             malicious code execution; for example, it is still possible
             to execute scripts which reside on a noexec mounted
             partition.

Mounting /tmp as noexec causes perfectly good code to gratuitously fail,
while providing no real security improvement.

Colin Percival
FreeBSD Security Officer
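
An added illustration of the mount(8) caveat quoted above; it is not part of the original message. It contrasts a direct execve(2) of a file with handing the same file to an interpreter that only reads it. Assumption: a cleared execute bit stands in for a noexec mount (both make execve(2) fail with EACCES), so the sketch runs without root; the function and file names are made up for the example.

```shell
#!/bin/sh
# Added example. The cleared execute bit below is a stand-in for the noexec
# mount flag (assumption: either one makes execve(2) return EACCES), so no
# root privileges or real mount are required to run this.

# Run the file directly, which makes the shell call execve(2) on it.
# Prints "ran" if the kernel allowed it, "blocked" otherwise.
direct_exec() {
    if "$1" >/dev/null 2>&1; then echo ran; else echo blocked; fi
}

# Pass the same file to an interpreter. The kernel only sees sh being
# executed; the script is merely opened and read, so an execute check on
# the script's own file system never applies.
via_interpreter() {
    sh "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    script="$dir/hello.sh"                     # constructed sample script
    printf '#!/bin/sh\necho script-ran\n' > "$script"
    chmod 0644 "$script"                       # execve() now refused
    echo "direct: $(direct_exec "$script")"
    echo "interpreter: $(via_interpreter "$script")"
    rm -rf "$dir"
}

demo
```

On a real noexec file system the first line of output is the same even when the file has its execute bit set, which is the case where legitimate programs that build and run helpers under /tmp fail.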