-> > I mounted /var as noexec/nodev because of security reasons. -> > I created partition /exec for using it on scripts etc that needs to be -> > executed.
-> noexec provides no real security whatsoever. nosuid,nodev are more -> useful. -> -> try this: -> -> $ cp /bin/date /noexecfs -> $ /noexecfs/date -> (you get a permission denied) -> $ /lib/ld-2.1.3.so /noexecfs/date -> (date runs normally) well, shouldn't be this considered ad ld.so bug? -> this is for potato, woody/sid would probably be /lib/ld-2.2.2.so or -> something. the point is noexec does not prevent you from running binaries -> on that filesystem. same thing with shell scripts, /bin/sh -> /noexecfs/shellscript.sh works just fine without even execute -> permissions. of course I know about shell scripts. But i think the main difference is shell scripts shouldn't make harm as binaries can. -- Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk [EMAIL PROTECTED] ; http://www.fantomas.sk/ ; http://www.nextra.sk/ Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
