14 Jul 2004 12:39
Philippe Vogel wrote:
/dev/hda6 /tmp ext2 rw,nosuid,nodev,noexec 1 2
Mounting /tmp as "noexec" could break stuff. Although I agree that nobody should run _any_ programs from /tmp, I have seen 2 programs that do expect stuff in /tmp to be executable.
4) Use secumod to prevent creation of sym- and hardlinks. There are other kernel patches/modules out there doing the same.
You should definitely NOT use secumod for that. I once tried it out and it crashed as soon as I got some heavy disk I/O. When I reported this to SuSE they said "Hm, we do not support this module anymore... the code is totally broken." which says everything.
nordi
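
An added example, not part of the original message: a pre-flight check for the /tmp mount discussed above. It reports which of nosuid, nodev and noexec an fstab-style line lacks, and lists files that currently carry an execute bit and would stop running under noexec. The function names are hypothetical, and the second fstab line in the demo is constructed.

```shell
#!/bin/sh
# Added example; missing_tmp_opts and exec_files_in are hypothetical helpers.

# missing_tmp_opts LINE
# Prints the options out of nosuid, nodev, noexec that are absent from the
# 4th (options) field of an fstab-style line. Prints an empty line if none.
missing_tmp_opts() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    missing=""
    for want in nosuid nodev noexec; do
        case ",$opts," in
            *",$want,"*) ;;                              # option present
            *) missing="${missing:+$missing }$want" ;;   # option absent
        esac
    done
    printf '%s\n' "$missing"
}

# exec_files_in DIR
# Prints regular files under DIR (same filesystem only) that have any
# execute bit set. These are the files a noexec mount would affect.
exec_files_in() {
    find "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null | sort
}

# Demo: the fstab line from the post, then a constructed weaker variant.
for line in \
    '/dev/hda6 /tmp ext2 rw,nosuid,nodev,noexec 1 2' \
    '/dev/hda6 /tmp ext2 defaults 1 2'
do
    echo "options missing: [$(missing_tmp_opts "$line")]"
done

# Files that would no longer execute once the directory is mounted noexec.
exec_files_in "${1:-/tmp}"
```

Running it against /tmp before changing fstab shows which programs have left executables there, so they can be checked before the mount option is switched on.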