|
From: | Stephane Chazelas |
Subject: | Re: [PATCH/RFC] do not source/exec scripts on noexec mount points |
Date: | Sat, 12 Dec 2015 23:05:10 +0000 |
User-agent: | Mutt/1.5.21 (2010-09-15) |
2015-12-12 16:01:26 -0500, Mike Frysinger: [...] > This is not a perfect solution as it can still be worked around by > inlining the code itself: > $ bash -c "$(cat /dev/shm/test.sh)" > hi Or cat /dev/shm/test.sh | bash I think this kind of hardening is better left to things like selinux/apparmor. -- Stephane
[Prev in Thread] | Current Thread | [Next in Thread] |