Re: [SLUG] How can I ...

From: R P Herrold (herrold@owlriver.com)
Date: Mon Nov 26 2001 - 00:38:00 EST


On Sun, 25 Nov 2001, steve wrote:

> On older distributions they used to be at /usr/doc, but has recently been
> (agreed) to be under /usr/share. [Mainly for security reasons. Allowing you
> to "lock down" your computer and make it more secure. I.e. all that needs to
> be allowed by "normal" users is in one place.]

The end of that sentence is 'security through obscurity' for
dumb users -- not effective; similarly there is no 'locking
down' happening ... the other suggestion by proponents of this
theory is that the mount 'noexec' option is effective. This
turns out not to be the case.

Don't rely on the File Hierarchy Standard for security --
mounting a directory 'noexec' is not effective in Linux.

Consider:

bash-2.05$ cat hello.c
#include <stdio.h>

int main(void)
{
  /* print a marker so we can see whether the binary actually ran */
  printf("Hello, Slugs\n");
  return 0;
}

bash-2.05$ gcc hello.c
bash-2.05$ ./a.out
Hello, Slugs
bash-2.05$ chmod 644 a.out
bash-2.05$ ./a.out
bash: ./a.out: Permission denied
bash-2.05$ /lib/ld-linux.so.2 ./a.out
Hello, Slugs
bash-2.05$

I made a Hello World test piece, demonstrated it, and then
made it -noexec. By calling the shared libraries, it is still
executable.

-- Russ
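
Added example (not part of the original message): a Python check that detects the loader invocation shown in the session above. It flags exec events whose argv[0] is the dynamic loader and reports whether the program handed to it sits on a noexec mount. The mount table, the event list and all function names are constructed for illustration, and events are assumed to carry absolute paths.

```python
import fnmatch
import posixpath
# Constructed sample data, not from the original post.
MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,noexec 0 0
"""
EVENTS = [  # argv of each observed exec, absolute paths assumed
    ["/home/user/a.out"],
    ["/lib/ld-linux.so.2", "/home/user/a.out"],
    ["/lib64/ld-linux-x86-64.so.2", "--library-path", "/opt/lib", "/tmp/tool"],
    ["/lib/ld-linux.so.2", "--list", "/bin/ls"],
    ["/lib/ld-linux.so.2", "/usr/local/bin/app"],
]
LOADERS = ("ld-linux*.so*", "ld-*.so", "ld.so*")   # loader file name patterns
OPTS_WITH_VALUE = {"--library-path", "--inhibit-rpath", "--audit"}

def parse_mounts(table):
    """Map mount point -> option set from /proc/mounts-style text."""
    rows = (line.split() for line in table.splitlines())
    return {f[1]: set(f[3].split(",")) for f in rows if len(f) >= 4}

def mount_for(path, mounts):
    """Deepest mount point containing path (longest prefix wins)."""
    path = posixpath.normpath(path)
    inside = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(inside, key=len, default="/")

def loader_target(argv):
    """Program that argv asks the dynamic loader to run, else None."""
    name = posixpath.basename(argv[0]) if argv else ""
    if not any(fnmatch.fnmatch(name, p) for p in LOADERS):
        return None
    args = iter(argv[1:])
    for arg in args:
        if arg in ("--list", "--verify"):
            return None          # inspection modes: the program is not run
        if arg in OPTS_WITH_VALUE:
            next(args, None)     # skip the option's value
        elif not arg.startswith("-"):
            return arg
    return None

def findings(events, table):
    """(target, on_noexec_mount) for every exec routed through the loader."""
    mounts = parse_mounts(table)
    targets = filter(None, map(loader_target, events))
    return [(t, "noexec" in mounts.get(mount_for(t, mounts), set())) for t in targets]
```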



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:51:05 EDT