On Sat, Jul 22, 2000 at 01:06:00PM -0400, Andrew Brown wrote:
> it doesn't allow any more than a plain old c compiler would.  i assume
> you've removed the c compiler from these machines?  and ftpd?  and
> chmod?  and uudecode?  uudecode is a wonderful tool for creating
> binaries on machines without a c compiler.  it seems very innocuous,
> but it's not.

There's a better way: all partitions users can write to are mounted 'noexec'.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--