$HOME/bin

[Ed Greshko]

Tim wrote:
> Tim:
>>> The other catch is that being able to execute stuff in your home folder
>>> is a bit of a security risk.
> 
> Andreas Bernauer:
>> On what theory do you base this (IMHO weird) statement?  
> 
> Don't you read any of the security notices?  Mounting /home as noexec is
> a very old, and wise, technique for making a system more secure.  The
> same goes for mounting /tmp and /var noexec.  Why do you think there's
> an option to mount a partition with the noexec parameter?
> 
> If a user can create and run a program, they can do much more to a
> system than one who can't.  Ordinarily, they can't do that.  At the
> simplest level they can stuff up their own files, or bog a system down
> with a heavy workload.  But if you exploit a software fault, at the same
> time, you can do worse.
> 
> All it takes is to browse a website that exploits your browser, and
> there's an unknown program running on your computer.  But without any
> execute permissions, it can't do a thing.

I'm sorry....  Are you saying that mounting /home as noexec is a good thing
since folks that are compiling/testing programs won't be allowed to get
their work done?

Sorry a bit confused here....  Sure, it is only Monday.

-- 
QOTD:
	All I want is a little more than I'll ever get.