On Tue, 29 Mar 2005 14:58:28 -0600, Aleksandar Milivojevic
<amilivojevic-KM6NQS1Ds0I@xxxxxxxxxxxxxxxx> wrote:
>
> You can also mount /boot, /var, /tmp, /var/tmp, and /home as nosuid and
> noexec, as needed. They shouldn't contain executables anyhow.
> Especially no setuid executables.
You're aware of this, I assume:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126259
By default, logrotate needs to exec scripts in /tmp so setting it
noexec requires you to also change the place logrotate is using to
place its script.
Greg
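
Added example, not part of either message above: a small audit of fstab-format text for the mount points named in the quoted advice, which also flags the logrotate caveat when /tmp carries noexec. The function names, output wording and sample fstab are constructed for illustration.

```shell
#!/bin/sh
# audit_fstab: read fstab-format text on stdin and report, for the mount
# points named in the thread, which ones lack nosuid/noexec.
audit_fstab() {
    awk '
    BEGIN {
        n = split("/boot /var /tmp /var/tmp /home", want, " ")
        for (i = 1; i <= n; i++) target[want[i]] = 1
    }
    /^[ \t]*#/ || NF < 4 { next }          # skip comments, blank/short lines
    ($2 in target) {
        seen[$2] = 1
        split("", has)                     # portable way to clear the array
        m = split($4, opt, ",")
        for (i = 1; i <= m; i++) has[opt[i]] = 1
        if (!("nosuid" in has)) print "MISSING " $2 " nosuid"
        if (!("noexec" in has)) print "MISSING " $2 " noexec"
        if ($2 == "/tmp" && ("noexec" in has))
            print "NOTE /tmp noexec: logrotate execs its scripts in /tmp by default (Red Hat bug 126259)"
    }
    END {
        # Options cannot be set per directory unless it is its own filesystem.
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen))
                print "NOFS " want[i] " is not a separate filesystem here"
    }'
}

# Constructed sample input (not taken from any real host).
sample_fstab() {
    cat <<'EOF'
# device        mountpoint  type  options                 dump pass
/dev/vg0/root   /           ext3  defaults                1 1
/dev/sda1       /boot       ext3  defaults,nosuid,noexec  1 2
/dev/vg0/var    /var        ext3  defaults,nosuid         1 2
/dev/vg0/tmp    /tmp        ext3  defaults,nosuid,noexec  1 2
/dev/vg0/home   /home       ext3  defaults                1 2
EOF
}

sample_fstab | audit_fstab
```

To audit a real host, run `audit_fstab < /etc/fstab`; the result reflects the configured options, not necessarily what is currently mounted.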