[Wolves] Linux viruses

David Goodwin dg at clocksoft.com
Wed Dec 8 08:40:43 GMT 2004


> Would everything would work properly if the "noexec" mount option was used 
> for /home, /tmp and /var/tmp. This should make it somewhat harder for users 
> to purposefully download and run "unofficial" programs, rather than being 
> limited to those the sysadmin has provided. (see manual page for mount(8) for 
> more details).

Some sysadmin type howto's recommend doing this for e.g. /var; 
unfortunately I don't think people are strict enough in where binaries 
go for this to be totally practical, so might require a bit of 
experimentation. /tmp would be another good candidate.

Then again you could also make /usr read only etc.

David.


-- 
David Goodwin
w: http://www.clocksoft.com
e: david.goodwin at clocksoft.com
t: 0121 313 3850

intY has scanned this email for all known viruses (www.inty.com)




More information about the Wolves mailing list