Ed Greshko Ed.Greshko at greshko.com
Mon Jun 4 14:00:13 UTC 2007

Ben Stringer wrote:
> On Mon, 2007-06-04 at 08:06 -0500, Les Mikesell wrote:
>>> I'm sorry....  Are you saying that mounting /home as noexec is a good thing
>>> since folks that are compiling/testing programs won't be allowed to get
>>> their work done?
>>> Sorry a bit confused here....  Sure, it is only Monday.
>> There are always tradeoffs between usability and security.  This one is 
>> pretty extreme, even for people who just write a few convenience scripts 
>> so they don't have to repeatedly type long command lines to unix tools for 
>> things they do more than once.
> It may appear extreme from the perspective of anyone who plans to be
> compiling code or writing scripts, but is still a valid and effective
> security measure for production, internet facing servers, or for
> desktops used by people who will only be using GUI-based apps.

Yes, it is extremely extreme unless you have a system running with no actual
users.  I suspect that even folks who use mainly GUI apps found outside of
their home environment may get curious and try to do things on their own.
Then, when they find out they can't, they will damn *ix.

Yow!  I threw up on my window!
