[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH/RFC] do not source/exec scripts on noexec mount points
|
From: |
Mike Frysinger |
|
Subject: |
Re: [PATCH/RFC] do not source/exec scripts on noexec mount points |
|
Date: |
Mon, 14 Dec 2015 00:22:06 -0500 |
On 12 Dec 2015 23:05, Stephane Chazelas wrote:
> 2015-12-12 16:01:26 -0500, Mike Frysinger:
> [...]
> > This is not a perfect solution as it can still be worked around by
> > inlining the code itself:
> > $ bash -c "$(cat /dev/shm/test.sh)"
> > hi
>
> Or
>
> cat /dev/shm/test.sh | bash
right, there's no way to look through pipes
> I think this kind of hardening is better left to things like
> selinux/apparmor.
security is not an all-or-nothing proposotion. the whole point is to
have defence in depth.
-mike
signature.asc
Description: Digital signature
Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Stephane Chazelas, 2015/12/13
- Re: [PATCH/RFC] do not source/exec scripts on noexec mount points,
Mike Frysinger <=
Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Chet Ramey, 2015/12/13