From: Tanstaafl
Date: Wed, 24 Apr 2013 12:12:46 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Partitions - last questions...
Message-ID: <5178047E.2080005@libertytrek.org>

On 2013-04-24 11:31 AM, Florian Philipp wrote:
> On 24.04.2013 17:12, Tanstaafl wrote:
>> Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
>> possible that there are other apps that need exec capability in there?
>
> It makes sense. Any world-writable directory should be noexec to make
> script injection harder. Other directories, too, like /var/www (if you
> can, i.e. no cgi). I cannot tell you if any application might need it.
> Try it. It is easy enough to revert, maybe even with a `mount -o
> remount`, I'm not sure.
>
> Also, look at
> http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec

Hmmm, this only talks about /tmp... I'm talking about /var/tmp...

So, I guess you're right, I'll just need to try it and see...

>> What is the 'pass' column? The 5th column is the 'dump' column, and the
>> 6th is the 'fsck' column, afaik?
>
> Okay, your "fsck" column is called "pass" in my fstab. Anyway, a value
> of two means "fsck after root", one means "fsck as root" and 0 "no
> fsck". See `man fstab`. Obviously you want fsck.

Gotcha, that's what I thought...

Thanks again Florian
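
Added example, not part of the original mail: a small fstab audit covering the two points discussed above, namely which world-writable mount points still allow exec and what the 6th ("pass") field means for each entry. The sample fstab, the device names and the list of directories to check are constructed assumptions.

```python
# SAMPLE_FSTAB is constructed for this example, not taken from the thread.
SAMPLE_FSTAB = """\
# <fs>     <mountpoint>  <type>  <opts>                 <dump> <pass>
/dev/sda3  /             ext4    noatime                0 1
/dev/sda5  /tmp          ext4    noatime,nosuid,noexec  0 2
/dev/sda6  /var/tmp      ext4    noatime,nosuid         0 2
tmpfs      /dev/shm      tmpfs   defaults               0 0
/dev/sda7  /home         ext4    noatime                0
"""

# Assumption: the world-writable mount points this audit should check.
WORLD_WRITABLE = {"/tmp", "/var/tmp", "/dev/shm"}
# Field 6 ("pass"); higher values are checked later, so also after root.
PASS_MEANING = {0: "no fsck", 1: "fsck first (root filesystem)",
                2: "fsck after root"}


def exec_allowed(opts):
    """Exec is the default; later options override earlier ones, and
    user/users imply noexec unless a later 'exec' follows (mount(8))."""
    allowed = True
    for opt in opts:
        if opt == "exec":
            allowed = True
        elif opt in ("noexec", "user", "users"):
            allowed = False
    return allowed


def parse_fstab(text):
    """Return one dict per entry; a missing dump or pass field counts as 0."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        fields += ["0"] * (6 - len(fields))
        entries.append({"mountpoint": fields[1], "opts": fields[3].split(","),
                        "dump": int(fields[4]), "pass": int(fields[5])})
    return entries


def audit(text):
    """Return (world-writable mounts that still allow exec, fsck plan)."""
    missing, plan = [], {}
    for e in parse_fstab(text):
        if e["mountpoint"] in WORLD_WRITABLE and exec_allowed(e["opts"]):
            missing.append(e["mountpoint"])
        plan[e["mountpoint"]] = PASS_MEANING.get(e["pass"], "fsck after root")
    return missing, plan
```

Call audit(open("/etc/fstab").read()) to check a real system. On Gentoo, Portage builds under /var/tmp/portage by default (PORTAGE_TMPDIR), so test an emerge after adding noexec to /var/tmp.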