Subject: Re: Volunteers to test some kernel code...
To: Brett Lymn <email@example.com>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 06/15/1999 11:37:29
On Tue, Jun 15, 1999 at 01:50:17PM +0930, Brett Lymn wrote:
> Only that it stops the execution of any unsigned binary. There is
> nothing to stop a person, given the correct permissions, running any
> binary they want - even one they have downloaded into, say, /tmp. By
> using signing you can have a mechanism that can detect such a binary
> and not run it.
There is. just set up your partitions properly and mount those where
users can write 'noexec' ('nodev' is a good idea as well).
If you really want to be sure you can mount other parts readonly.
Also remember that if scripting languages like perl are accessible,
arbitrary users can do a lot of things with it.
Really I don't see much use of this feature, but as long is't optional
I don't care :)
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr