$HOME/bin
Ralf Corsepius
rc040203 at freenet.de
Tue Jun 5 06:41:11 UTC 2007
On Mon, 2007-06-04 at 21:01 +0930, Tim wrote:
> Tim:
> >> The other catch is that being able to execute stuff in your home folder
> >> is a bit of a security risk.
>
> Andreas Bernauer:
> > On what theory do you base this (IMHO weird) statement?
>
> Don't you read any of the security notices? Mounting /home as noexec is
> a very old, and wise, technique for making a system more secure.
It's the same kind of wisdom advising you to wear a knight's armor or a
bullet-proof vest in everyday life. It might be suitable in certain
environments, but in general, though it might make your life a glimpse
more secure, your comfort is likely to suffer severely.
> The
> same goes for mounting /tmp and /var noexec. Why do you think there's
> an option to mount a partition with the noexec parameter?
It's useful for data partitions, but even then mounting read-only is
more useful.
> If a user can create and run a program, they can do much more to a
> system than one who can't.
Yes, a person who is able to leave his house is able to do much more
than one who can't - but most people want to leave their house, and
prefer not to live in a cage.
Ralf