[linux-elitists] mount options frenzy!

R P Herrold herrold@owlriver.com
Thu Mar 29 21:11:56 PST 2001


> on Thu, Mar 29, 2001 at 12:36:19PM -0800, Don Marti (dmarti@zgp.org) wrote:

> > Any comments on the usefulness security-wise of making everything except
> > / and /usr nosuid,nodev?  And of copious use of noexec?

... Well, but for the fact that noexec does not buy anything
in Linux, it is a tremendous sentiment ...

5 minutes on Google (Linux, don't you know ...), with argument
"linux ld.so noexec". See, e.g.,

   http://www.linuxarkivet.nu/mlists/debian-user/0009/msg04479.html

[herrold@couch herrold]$ which date
/bin/date
[herrold@couch herrold]$ ls -al /bin/date
-rwxr-xr-x    1 root     root        25884 Jan 16 09:50  /bin/date
[herrold@couch herrold]$ ldd /bin/date
        libc.so.6 => /lib/i686/libc.so.6 (0x40027000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
[herrold@couch herrold]$ file /bin/date
/bin/date: ELF 32-bit LSB executable, Intel 80386, version 1,
dynamically linked (uses shared libs), stripped
[herrold@couch herrold]$ scp /bin/date /tmp
[herrold@couch herrold]$ /tmp/date
Fri Mar 30 00:04:22 EST 2001
[herrold@couch herrold]$ chmod 444 /tmp/date
[herrold@couch herrold]$ /tmp/date
bash: /tmp/date: Permission denied
[herrold@couch herrold]$ /lib/ld-2.2.2.so /tmp/date
Fri Mar 30 00:05:21 EST 2001
[herrold@couch herrold]$
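
An added example, not part of the original post: a small audit of the policy asked about in the quoted question (every mount except / and /usr carrying nosuid, nodev and noexec). The function name, the sample device names and the sample table are constructed for illustration. It reports mount flags only and says nothing about how the loader invocation shown above behaves on a given kernel.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads lines in /proc/mounts or /etc/fstab layout:
#   device  mountpoint  fstype  options  dump  pass
# and prints each mount point, other than / and /usr, that is missing
# one or more of nosuid, nodev, noexec.

audit_mounts() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $2 == "/" || $2 == "/usr" { next }       # exempt, per the quoted policy
    {
        split("", have)                      # portable way to clear the array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) have[opt[i]] = 1

        missing = ""
        if (!("nosuid" in have)) missing = missing " nosuid"
        if (!("nodev"  in have)) missing = missing " nodev"
        if (!("noexec" in have)) missing = missing " noexec"

        if (missing != "") print $2 ":" missing
    }'
}

# Constructed sample mount table (hypothetical devices and layout).
sample_mounts() {
    cat <<'EOF'
# device   mountpoint fstype options                 dump pass
/dev/hda1  /          ext2   rw                      0 0
/dev/hda2  /usr       ext2   ro                      0 0
/dev/hda3  /tmp       ext2   rw,nosuid,nodev,noexec  0 0
/dev/hda5  /home      ext2   rw,nosuid               0 0
/dev/hda6  /var       ext2   rw                      0 0
EOF
}

# Run against the constructed sample; on a live system use:
#   audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

Pseudo-filesystems such as /dev and /proc will be reported too when the input is a live /proc/mounts, since the quoted policy exempts only / and /usr.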



