On Sat, 2006-07-15 at 15:20 -0400, Mike Frysinger wrote:
> On Saturday 15 July 2006 13:41, Ned Ludd wrote:
> > On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
> > > The local root exploit-of-the-week would have been unable to run if our
> > > users' systems had /proc mounted with nosuid and/or noexec
> > >
> > > It would be worthwhile considering making this a default. What are
> > > people's thoughts?
> >
> > I mailed Mike about this very thing a month ago. Pretty sure it should
> > be showing up in an upcoming baselayout. But yeah it's a good idea for
> > the nosuid part anyway. Not 100% sure about the noexec part as that
> > might break upx which calls /proc/self/exe as part of its decompressor
> > routines.
>
> this will be in baselayout-1.12.2+

Great. I'm guessing I should artificially bump 1.12.1 with a revision in
my snapshot for 2006.1 or we'll end up not having fixed much.

-- 
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
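
An added example, not part of the original thread or of baselayout: a shell check that reads a mount table in /proc/mounts format and reports every proc filesystem mounted without the nosuid and/or noexec options discussed above. The function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Audit a mount table (format of /proc/mounts) read from stdin for proc
# filesystems that lack the nosuid and/or noexec mount options.

# proc_missing_opts: prints "<mountpoint> missing: <flags>" for each proc
# mount lacking a flag. Exit status 0 if all proc mounts carry both, else 1.
proc_missing_opts() {
    awk '
        $3 == "proc" {
            n = split($4, opts, ",")
            has_nosuid = 0; has_noexec = 0
            for (i = 1; i <= n; i++) {
                if (opts[i] == "nosuid") has_nosuid = 1
                if (opts[i] == "noexec") has_noexec = 1
            }
            missing = ""
            if (!has_nosuid) missing = missing " nosuid"
            if (!has_noexec) missing = missing " noexec"
            if (missing != "") { print $2 " missing:" missing; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input: three proc mounts (one bare, one chroot copy
# with only nosuid, one fully restricted) and one unrelated filesystem.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw 0 0
proc /chroot/proc proc rw,nosuid 0 0
proc /jail/proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda3 / ext3 rw,noatime 0 0
EOF
}

# Demo on the constructed sample. On a live system run:
#   proc_missing_opts < /proc/mounts
sample_mounts | proc_missing_opts || echo "proc mount options need review"
```

Chroot and jail copies of /proc are checked as well, since each is mounted with its own options.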
