On 2013-04-24 11:31 AM, Florian Philipp <lists@×××××××××××.net> wrote:
> On 24.04.2013 17:12, Tanstaafl wrote:
>> Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
>> possible that there are other apps that need exec capability in there?

> It makes sense. Any world-writable directory should be noexec to make
> script injection harder. Other directories, too, like /var/www (if you
> can, i.e. no cgi). I cannot tell you if any application might need it.
> Try it. It is easy enough to revert, maybe even with a `mount -o
> remount`, I'm not sure.
>
> Also, look at
> http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec

Hmmm, this only talks about /tmp... I'm talking about /var/tmp...

So, I guess you're right, I'll just need to try it and see...

>> What is the 'pass' column? The 5th column is the 'dump' column, and the
>> 6th is the 'fsck' column, afaik?

> Okay, your "fsck" column is called "pass" in my fstab. Anyway, a value
> of two means "fsck after root", one means "fsck as root" and 0 "no
> fsck". See `man fstab`. Obviously you want fsck.

Gotcha, that's what I thought...

Thanks again Florian
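
The two fstab points discussed in this thread (noexec on world-writable mount points such as /var/tmp, and the meaning of the 6th "pass" field) as a small checker. This is an added example, not part of the original message; the function names and the sample fstab are constructed for illustration, and it assumes mount points without spaces.

```shell
#!/bin/sh
# Audit fstab-format text for the two questions raised in the thread:
#   - is a world-writable mount point (e.g. /var/tmp) mounted noexec?
#   - what does its 6th ("pass") field mean for fsck?

# Constructed sample fstab, not taken from any real system.
sample_fstab() {
cat <<'EOF'
# <fs>      <mountpoint> <type> <opts>                 <dump> <pass>
/dev/sda1   /            ext4   noatime                0      1
/dev/sda2   /var/tmp     ext4   noatime,nosuid,nodev   0      2
tmpfs       /tmp         tmpfs  nosuid,nodev,noexec    0      0
EOF
}

# audit_fstab MOUNTPOINT...
# Reads fstab text on stdin and prints one line per requested mount point:
#   <mountpoint> <noexec|exec|not-in-fstab> <pass meaning>
# Simplification: only a literal "noexec" in the 4th field is recognized.
audit_fstab() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) target[w[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        ($2 in target) {
            exec_state = "exec"
            m = split($4, opts, ",")
            for (i = 1; i <= m; i++) if (opts[i] == "noexec") exec_state = "noexec"
            pass = $6 + 0                    # a missing 6th field counts as 0
            if (pass == 0)      meaning = "no-fsck"
            else if (pass == 1) meaning = "fsck-as-root"
            else                meaning = "fsck-after-root"
            print $2, exec_state, meaning
            seen[$2] = 1
        }
        # Requested mount points with no fstab entry are reported too.
        END { for (t in target) if (!(t in seen)) print t, "not-in-fstab", "-" }
    '
}

# Run against the constructed sample; on a real system: audit_fstab /tmp /var/tmp < /etc/fstab
sample_fstab | audit_fstab /tmp /var/tmp
```

A line reporting `exec` for /var/tmp or /tmp is the case the thread is about: the entry lacks noexec in its options field.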