From: Maarten
Date: Sat, 18 Feb 2006 01:23:51 +0100
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)

Eric Bliss wrote:
> On Friday 17 February 2006 14:36, Rumen Yotov wrote:
>
>>Hi,
>>Please don't take this post as a signal for more battles.
>>IMHO there are many true facts from both of you.
>>Just a few points, as I have some (limited experience with hardened
>>systems).
>>1. For 2-3 years using portage-tree in /var/portage, no problems so far,
>>all it takes is a symlink in /usr & change in /etc/make.conf file.
>>So I can mount all /usr as 'noexec'.
>
>
> Forgive me for asking, but how is this possible??? The last time I checked
> (which was 2 minutes ago...), /usr is where almost all the executables on my
> system are - /usr/bin, /usr/kde/3.x, /usr/libexec, /usr/sbin...

It is, therefore, logically not possible.
I believe, in all the mess that this thread has developed into, that Rumen
simply confused 'noexec' with 'ro'. Shit happens... :-)

This must be the explanation for sure. Or else, if /usr can be mounted
noexec without trouble, I'll donate 7500000000 bogomips to the FSF.

Maarten

P.S.: The thread this derived from has to be the most lame discussion I have
witnessed in ages, and I've seen a few. First and foremost because neither
of you took the simple effort to run two trivial 'find' commands to try and
prove the other guy wrong. It is a shame, because at first, you both said
some things that were 'insightful'[tm]...
Most people would try to strengthen their positions by coming up with some
proof, some good arguments, but that is SO totally absent here...
No proof, nor examples, nor whatsoever...

All you two did manage to say was really just an endless loop of--
"Wrong"
"Not wrong, right."
"No, you're wrong"
"I'm right, you are wrong"
"You are a thousand times wrong"
"No, it is you who are infinitely wrong"
"You are wrong infinitely plus one"
"I am right, have always been right, and you suck"
"No YOU suck"
"I may suck but that is because you know I'm right"
"You suck AND you are wrong"
"I do not suck. YOU suck!"
"Do NOT!"
"Do TOO!"
"No you suck. And you are wrong..."

Now what age-group type conversation does that remind you of...?

-- 
gentoo-user@gentoo.org mailing list
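
The kind of 'find' check the postscript above asks for could look like the following. This is an added example, not part of the original message; the function names and the sample tree are constructed for illustration. It goes slightly beyond the thread by also counting shared objects, since on Linux a noexec mount refuses mmap() with PROT_EXEC and libraries stop loading too.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Count regular files under $1 (same filesystem only) with any execute bit set.
# Note: names containing newlines would be over-counted by wc -l.
count_exec() {
    find "$1" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        2>/dev/null | wc -l | tr -d ' '
}

# Count shared objects under $1; on Linux, mmap() with PROT_EXEC fails on a
# noexec mount, so these stop loading even without an execute bit.
count_shlibs() {
    find "$1" -xdev -type f \( -name '*.so' -o -name '*.so.*' \) \
        2>/dev/null | wc -l | tr -d ' '
}

# Print a verdict for $1; return 0 if nothing there needs exec, 1 if something
# does, 2 if the directory does not exist.
noexec_verdict() {
    [ -d "$1" ] || { echo "$1: no such directory"; return 2; }
    ex=$(count_exec "$1")
    so=$(count_shlibs "$1")
    if [ "$ex" -eq 0 ] && [ "$so" -eq 0 ]; then
        echo "$1: noexec candidate"
        return 0
    fi
    echo "$1: noexec would break $ex executables, $so shared objects"
    return 1
}

# Constructed sample tree standing in for /usr and a relocated portage tree.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/lib" "$root/var/portage/app-misc"
    printf '#!/bin/sh\n' > "$root/usr/bin/tool"; chmod 755 "$root/usr/bin/tool"
    : > "$root/usr/lib/libdemo.so.1"; chmod 644 "$root/usr/lib/libdemo.so.1"
    : > "$root/var/portage/app-misc/demo.ebuild"
    chmod 644 "$root/var/portage/app-misc/demo.ebuild"
    echo "$root"
}

# Usage: pass real mount points as arguments, e.g. /usr /var/portage
for d in "$@"; do noexec_verdict "$d" || true; done
```

Because of -xdev, each mount point has to be passed separately; a directory that is its own filesystem below /usr is not descended into.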