[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SuSE webserver
Philippe Vogel wrote:
> /dev/hda6 /tmp ext2 rw,nosuid,nodev,noexec 1 2
Mounting /tmp as "noexec" could break stuff. Although I agree that
nobody should run _any_ programs from /tmp, I have seen 2 programs that
do expect stuff in /tmp to be executable.
> 4) Use secumod to prevent creation of sym- and hardlinks. There are
> other kernelpatches/-modules out there doing the same.
You should definitely NOT use secumod for that. I once tried it out and
it crashed as soon as I got some heavy disk I/O. When I reported this to
SuSE they said "Hm, we do not support this module anymore... the code is
totally broken." which says everything.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here