[Asterisk-Users] Linux Partitions (before asterisk install)
Tzafrir Cohen
tzafrir at cohens.org.il
Sat Dec 17 15:03:03 MST 2005
On Sat, Dec 17, 2005 at 09:18:39PM +0100, Michiel van Baak wrote:
> > > /home
> >
> > An asterisk system typically does not have users and need nt have a
> > separate /home
>
> I disagree here.
> You have at least 1 user to remotaly login to the system to
> do some work on it. Think config changes etc.
> In case of unauthorized access (ppl stole your password or
> whatever) you will be glad you have /home on a seperate
> partition that is mounted noexec,nosuid,nodev
noexec? What will that give you against a user with a shell acount?
tzafrir at boomtime:~/Proj/Debs/Netcat/netcat-1.10$
$ cp /bin/ech /tmp/echonoexec
$ chmod 644 /tmp/echonoexec
$ ls -l /tmp/echonoexec
-rw-r--r-- 1 tzafrir tzafrir 13912 2005-12-17 23:52 /tmp/echonoexec
$ /lib/ld-linux.so.2 /tmp/echonoexec it runs!
it runs!
Not to mention all of the #! executables. Only static executables are
"harmed". So what was it that noexec prevented me form doing?
--
Tzafrir Cohen | tzafrir at jbr.cohens.org.il | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
ICQ# 16849755 | | friend
More information about the asterisk-users
mailing list