Omar Polo writes:
> or they can just upload to /usr/local or /home, or mess with /etc, or...
> I don't see how this would help.
It's another layer to make things more difficult.
If the writable filesystems are noexec and they can't take that
away, uploads become less valuable.
/etc is always going to be problematic. I've been experimenting
to see if I can create a viable firewall config with a read-only
root filesystem.
--lyndon
No comments:
Post a Comment