On 05/01/18 01:54, IL Ka wrote:
> Since /usr/local/ has wxallowed by default (see your /etc/fstab) it works.
>
> Does it affect security?
>
> In theory -- yes, because python can now create WX pages.
True. But I use this solution because:
- root controls what goes in /usr/local
- I mount /home without wxallowed
- I mount /usr/local read-only
Also, I expect that in the future, less and less packages that I use
require /usr/local to be mounted with wxallowed. I agree, this last
point is not improving my security at all.
--
Etienne
No comments:
Post a Comment