* Praise wrote on Tue, Nov 27, 2001 at 17:16 +0100:
I have my tmp directory on my / filesystem. Obviously executables are allowed for this filesystem. A friend of mine, though, claims that this can be a security problem because it helps attackers to run local exploits.
For some script kiddies that may be true. But usually it's easy to run a tool from the home as well.
From my point of view, it can do no more harm than an executable from an user's home directory.
I think it's really the same.
Is /tmp a danger if it can contains executables?? Note: I have to allow executables from users' home dir.
If a user has no write permissions to any excuteable partitions, this would help a little, but evne then you can start every binary with the dyna linker ld-linux*, so it makes it not much harder to run a binary on such a partition. If you have the users to be allowed to executed own binaries somewhere, it completely equal if they crack via /tmp or their ~home. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.