[opensuse] executables in home directory
Hello:

The previous thread ([PLEASE SPEAK UP] Disabling legacy file systems) reminded me of a question I wanted to ask for a while.

Ext3/4 file systems can be mounted with the noexec option, which prevents running executables from the filesystem. Mounting a user's home directory as noexec could be a good measure against running downloaded malicious programs. Still, one might want to be able to run executables from his home directory. Is it possible to prevent running executables in one directory and enable it in another on the same filesystem?

Thanks,
Istvan
Istvan Gabor wrote:
> Hello:
>
> The previous thread ([PLEASE SPEAK UP] Disabling legacy file systems) reminded me of a question I wanted to ask for a while.
>
> Ext3/4 file systems can be mounted with the noexec option, which prevents running executables from the filesystem. Mounting a user's home directory as noexec could be a good measure against running downloaded malicious programs. Still, one might want to be able to run executables from his home directory. Is it possible to prevent running executables in one directory and enable it in another on the same filesystem?

Maybe with AppArmor?

--
Per Jessen, Zürich (3.1°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.

On 13/02/2019 18.23, Istvan Gabor wrote:
> Hello:
>
> The previous thread ([PLEASE SPEAK UP] Disabling legacy file systems) reminded me of a question I wanted to ask for a while.
>
> Ext3/4 file systems can be mounted with the noexec option, which prevents running executables from the filesystem. Mounting a user's home directory as noexec could be a good measure against running downloaded malicious programs. Still, one might want to be able to run executables from his home directory. Is it possible to prevent running executables in one directory and enable it in another on the same filesystem?

Have ~/bin a symlink to another mount that allows exec? Or have the download directory and temporary directory for Firefox point to a noexec mount.

--
Cheers / Saludos,

Carlos E. R. (from 15.0 x86_64 at Telcontar)
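
A way to verify the layout suggested in the reply above, as an added example that is not part of the original thread: it resolves symlinks first, then finds the mount governing the path and reports whether that mount carries noexec. The mount table, the user name `istvan` and the `/opt/userbin` path are constructed for illustration.

```python
import os

# Constructed sample in /proc/self/mounts format (not from the thread):
# /home is noexec, /opt/userbin is a separate filesystem that allows exec.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /opt/userbin ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /home/istvan/My\\040Downloads tmpfs rw,noexec 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, option_set)] in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel escapes space, tab, newline and backslash as octal.
        point = fields[1]
        for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
            point = point.replace(esc, ch)
        mounts.append((point, set(fields[3].split(","))))
    return mounts

def governing_mount(resolved_path, mounts):
    """Longest mount point that is a prefix of the path; later entries win ties."""
    best = None
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"
        if (resolved_path + "/").startswith(prefix):
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best

def exec_allowed(path, mounts, resolve=os.path.realpath):
    """True if the filesystem holding the symlink-resolved path lacks noexec."""
    point, opts = governing_mount(resolve(path), mounts)
    return "noexec" not in opts

if __name__ == "__main__":
    with open("/proc/self/mounts") as fh:
        live = parse_mounts(fh.read())
    for p in ("~/bin", "~/Downloads", "/tmp"):
        p = os.path.expanduser(p)
        print(p, "->", os.path.realpath(p), "exec" if exec_allowed(p, live) else "noexec")
```

Run directly, it checks the live mount table for `~/bin`, `~/Downloads` and `/tmp`. Note that noexec only blocks direct execution of a file; a script handed to an interpreter (for example `sh script.sh`) is still read and run.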

participants (3)
- Carlos E. R.
- Istvan Gabor
- Per Jessen