similar to: Mounting filesystems with "noexec"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm wondering if/where I can get the server side component for freebsd-update. Presumably such a component would build and sign the binary patches and prepare them to be served via HTTP to the freebsd-update client. I need a system for distributing binary updates to a collection of customized FreeBSD machines, jails, and embedded systems.

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

Hello, I am fixing up a system for someone and they did not make a separate partition for /tmp...but I want to make it noexec, nosuid. I came across a site that said I could skip all the mount/unmount and new partition stuff (which would probably include downsizing a lvm to make room for it)... by adding this in fstab /tmp /tmp bind nosuid,noexec,bind 0 0 and then reboot... There is

Sjors Gielen wrote: > Then I noticed that the partition /dev/sdb2 was mounted noexec, so I > umounted ~/.wine and /media/sdb2, remounted /dev/sdb2 with exec, and > remounted ~/.wine - and it all worked again. > > This is with Wine 1.1.24. Has this always been behavior, or is it a > regression somewhere? Wine will not work / run programs from mount mounted with noexec. It's

Am 24.05.2017 um 17:50 schrieb Jeremy Allison via samba: > Here are some mitigation techniques from Red Hat in > case servers cannot be patched immediately: > 2. Mount the filessytem which is used by samba for its writeable share, > using "noexec" option. I would have expected this to be standard security precaution on all pure file servers (which is probably the most

Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in solaris land forever and a day and this is a pretty standard security measure. I noticed CentOS comes default mounting /tmp with both those options allowed.. I'm getting constant php hack attacks against (mostly script kiddie level stuff right now) my server and will rest much easier with this setting in place..

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

i'm experimenting with some basic removable media mounting exercises for an upcoming class, and i read that, while you can use gconf-editor to change some of the mount options in cases like that, there is no way to override the mount options of nodev, noexec and nosuid. for example, that claim is made here (admittedly for fedora, but it appears to be true for centos as well):

On 06/10/2013 01:41 PM, pr.G wrote: > On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote: >> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: >>> On 06/09/2013 08:14 PM, pr.G wrote: >>>> Hello. >>>> >>>> Is it possible to start container via libvirt_lxc without mounting /sys >>>> inside container?

https://bugzilla.mindrot.org/show_bug.cgi?id=3715 Bug ID: 3715 Summary: safely_chroot is a little too restrictive: noexec or nosuid should be enough Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hello! How do i get pass this error? offlinehacker:~/ $ virsh --debug 0 -c lxc:/// create o1.xml create: file(optdata): o1.xml error: Failed to create domain from o1.xml error: internal error: No valid cgroup for machine c1 My cgroups seem to be mounted: cgroup on /sys/fs/cgroup/systemd type cgroup

Hi all Each lxc container on node have mounted tmpfs for cgroups tree: [root-inside-lxc@tst1 ~]# mount | grep cgroups cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on

Hey all, I just decided I was too much out of space on my normal Linux partition. I had a spare partition, so I mkfs.ext4'd it, created a directory 'wine' owned by me, moved all contents of ~/.wine to it, and ran a sudo mount -o bind /media/sdb2/wine /home/dazjorz/.wine. I proceeded to take a look inside and everything was, of course, just fine. When I ran "wine

Hello List, is there really nobody out there who could give me a tip to solve the issue? Thanks a lot. Mit freundlichen Gr??en Michael Kaiser Business Unit IT-Services Network Solutions InfraServ GmbH & Co. Gendorf KG Industriepark Werk GENDORF > -----Urspr?ngliche Nachricht----- > Von: > samba-bounces+michael.kaiser=infraserv.gendorf.de@lists.samba. > org >

On Wed, February 15, 2017 10:22 am, Chris Adams wrote: > Once upon a time, Leonard den Ottolander <leonard at den.ottolander.nl> said: >> On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote: >> > 2. They already have shell access on the machine in question and they >> > can already run anything in that shell that they can run via what you >> > are

On Wed, February 15, 2017 12:23 pm, Gordon Messmer wrote: > On 02/15/2017 08:47 AM, Valeri Galtsev wrote: >> And yes, ALL user writable places (including often overlooked /dev/shm) >> are mounted with nosuid, nosgid, nodev, noexec options on servers where >> users are allowed to have shell. > > > How sure are you? I just run a bunch of find commands before rolling

Hello Johnny, On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote: > 2. They already have shell access on the machine in question and they > can already run anything in that shell that they can run via what you > are pointing out. No, assuming noexec /home mounts all they can run is system binaries. > 3. If they have access to a zeroday issue that give them root .. they >

Hi Samba List, I am finding a strange problem between a mount samba directory. Any clues why this is happening? The server side is WD MyBook World Edition II and the export directory is: /shares/internal/Music/ on the client site I am mounting the directory to /mnt/mybook-music the client is an ubuntu server $ uname -a Linux tsunami 2.6.24-22-generic #1 SMP Mon Nov 24 18:32:42 UTC 2008

Hi all: logrotate is broken on my stock 4.1 install. After hunting and hunting I found there is a bug filed with Redhat on the issue. logrotate fails becasue my /tmp partition is mounted noexec. I understand it is that way for security reasons. The box in question is on a dedicated hosting site and that's the way it was handed off to me, built. Some said setting TMPDIR=/var/tmp;export

Hi! I am using xen-tools version: 3.9-4 to create domUs: 1. time xen-create-image --verbose --dist=lenny --install-source=/mnt/xen-file-images/lenny-64-template-debootstrap-30Jun09-fix2.tar --hostname dummy --ip xxx.xxx.xxx.xxx --force 2. xm create dummy.cfg Then I get the message Device /dev/vg0/dummy-disk is mounted in the privileged domain, and so cannot be mounted by a guest. 3. When I