27 Feb
2007
27 Feb
'07
8:02 a.m.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Feb 27, 2007 at 10:07:35AM +0900, John Summerfield wrote:
This depends entirely on the tasks required of the box. Putting /tmp on a separate partition can allow you to mount it noexec, which can help with security, and filling up /tmp won't fill the rest of the disk.
OTOH anything bad you can do with /tmp you can do better with /var/tmp, and making that noexec is not a realistic proposition.
Why not ? I have /tmp and /var/tmp as noexec on all my servers, along with ACLs to better protect it.
[]s
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFF4+WHpdyWzQ5b5ckRAsqhAJ42KhqPI/2tWjLkH2hhPHw9VwN4XwCfcTSK
gyKdB/+0jp43OpDNYFCSQv0=
=3KjO
-----END PGP SIGNATURE-----