Re: Did you know ...
if you really want to be silly then do a nosuid on /. i am kind of curious
about what it will break and what it won't. :) hmmmm . . . i'll try it on
a production box today and see. :)
tighe
>Date: Wed, 28 Feb 2001 07:42:22 -0600 (CST)
>From: Steven Pritchard <steve@silug.org>
>Reply-To: silug-discuss@silug.org
>To: silug-discuss@silug.org
>Subject: Re: Did you know ...
>
>Tighe said:
>> You might also want to add the nosuid tag to those and the /home
>> mount options. Just a thought.
>
>nosuid,nodev can be nice for /tmp. It'll slow down the script
>kiddies. (I've been told that some things break if you use noexec.)
>noexec on /home is a pain, but nosuid is OK.
>
>Now that I think about it, something like this should work:
>
>LABEL=/ / ext2 defaults 1 1
>LABEL=/usr /usr ext2 rw,nodev 1 2
>LABEL=/var /var ext2 rw,nosuid,noexec,nodev 1 2
>LABEL=/var/spool /var/spool ext2 rw,nosuid,noexec,nodev 1 2
>LABEL=/var/log /var/log ext2 rw,nosuid,noexec,nodev 1 2
>LABEL=/tmp /tmp ext2 rw,nosuid,nodev 1 2
>LABEL=/home /home ext2 rw,nosuid,nodev 1 2
>
>If anyone wants to try it, let us know what breaks. :-)
>
>Steve
>
--
Tighe Schlottog Sys Admin at large /emry\"@"/accessus.net\
ook ook
"Mr. Wizard, I think I'd rather be a coot than a hacker. Yeah, sure, every
now and then a giant pink-haired ape would come running after me and
chase me into the lake, but really, could it be that much worse? I'd have
a tiny little brain and wouldn't be expected to worry about anything."
-jwz from www.jwz.org
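
Added example, not part of the original thread or written by either poster: a Python sketch that compares an fstab against the options proposed in the quoted message, and lists the setuid/setgid files and device nodes that nosuid or nodev would neutralise on a filesystem, which is one way to see what might break before remounting. The function names and the sample fstab are constructed for illustration; POLICY is copied from the quoted fstab.

```python
import os
import stat

# Options per mount point, taken from the fstab quoted in the message above.
STRICT = {"nosuid", "noexec", "nodev"}
POLICY = {"/usr": {"nodev"}, "/var": STRICT, "/var/spool": STRICT,
          "/var/log": STRICT, "/tmp": {"nosuid", "nodev"},
          "/home": {"nosuid", "nodev"}}

# Constructed sample input, not from a real host.
SAMPLE_FSTAB = """\
LABEL=/      /      ext2  defaults         1 1
LABEL=/usr   /usr   ext2  rw,nodev         1 2
LABEL=/var   /var   ext2  defaults         1 2
LABEL=/tmp   /tmp   ext2  rw,nosuid        1 2
LABEL=/home  /home  ext2  rw,nosuid,nodev  1 2
"""

def missing_options(fstab_text, policy=POLICY):
    """Map each policy mount point to the options its fstab entry lacks."""
    gaps = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        missing = policy.get(fields[1], set()) - set(fields[3].split(","))
        if missing:
            gaps[fields[1]] = sorted(missing)
    return gaps

def affected_files(root):
    """Find what nosuid/nodev would neutralise under root (one filesystem)."""
    root_dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Stay on the same filesystem, like `find -xdev`.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                hits.append((path, "device"))
            elif stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, "setid"))
    return hits

if __name__ == "__main__":
    print(missing_options(SAMPLE_FSTAB))
```

Running affected_files("/") before trying nosuid on / shows which setuid binaries would stop gaining privileges on that filesystem.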