Dear #Linux: Do you use the "noexec" mount option on data volumes? Any downsides?
The option "does not permit direct execution of binaries". It still allows passing a file, say a JavaScript file, to /usr/bin/node, on an other partitions that allows executables.
The idea would to reduce attack surface area if you don't plan to store executables there.
#security #cybersecurty
Mark Stosberg /
npub16g…0zarn
2024-05-08 13:47:58
Author Public Key
npub16gsv858nu4lszcdjz7g9rrq20g78fh5uaps9f6qcskaa454dg8dq50zarnPublished at
2024-05-08 13:47:58Event JSON
{
"id": "768089a6942df981e8797e58bc09de1ddeaffbde8dae66e020ae73067322b8c3",
"pubkey": "d220c3d0f3e57f0161b21790518c0a7a3c74de9ce86054e81885bbdad2ad41da",
"created_at": 1715176078,
"kind": 1,
"tags": [
[
"t",
"linux"
],
[
"t",
"security"
],
[
"t",
"cybersecurty"
],
[
"proxy",
"https://urbanists.social/users/markstos/statuses/112405779506118899",
"activitypub"
]
],
"content": "Dear #Linux: Do you use the \"noexec\" mount option on data volumes? Any downsides?\n\nThe option \"does not permit direct execution of binaries\". It still allows passing a file, say a JavaScript file, to /usr/bin/node, on an other partitions that allows executables. \n\nThe idea would to reduce attack surface area if you don't plan to store executables there. \n\n#security #cybersecurty",
"sig": "b8a3bb7c5301ffd6cae4f735029ca97a8f2e5baaa18449ba5eb837c73e413597c7b748e996ad0ba3d97d605d24f3aaa50bccb42d9411d3078270cf2a5d04bbbd"
}