* Kurt Seifried wrote on Sun, Aug 13, 2000 at 14:16 -0600:
I am setting up a server where users will have shell access (ssh). I want to prevent anyone from uploading and running their own binaries. The idea is simply to make sure that all partitions where users have write access will be mounted with the noexec flag.
mounting /tmp noexec will break very little (in my opinion anything that moves/copies binaries to tmp and then executes them is broken). It shouldn't be a problem.
... but it helps a very little only.
Take a look how to run a non-exucutable file:
dx:/tmp # ls -l date
-rw-r--r-- 1 root root 25272 Aug 14 09:57 date
dx:/tmp # /lib/ld-linux.so.2 ./date
Mon Aug 14 10:01:57 MEST 2000
So the noexec option isn't helping (thanks to Jari Laurila