Manuel Bouyer <bouyer@antioche.lip6.fr> writes:

> On Sat, Jul 22, 2000 at 01:06:00PM -0400, Andrew Brown wrote:
> > it doesn't allow any more than a plain old c compiler would.  i assume
> > you've removed the c compiler from these machines?  and ftpd?  and
> > chmod?  and uudecode?  uudecode is a wonderful tool for creating
> > binaries on machines without a c compiler.  it seems very innocuous,
> > but it's not.
> 
> There's a better way: all partitions users can write to are mounted 'noexec'.

        Yeah, /usr for example.