Jens Knoell wrote: > In an effort to tighten security, I'm trying to find out if there is any > solution out there to make certain world-writable directories non-executable? > I'd imagine an execve() wrapper should be able to do that, but I was not > graced with finding any solution at all. When you refer to making a directory non-executable, presumably you aren't talking about clearing the execute bit on the directory itself, but refusing to treat files within that directory as executables, right? In which case, what exactly are you trying to achieve? Is this meant to be a security measure? If so, against what type of attack? An execve() wrapper would help to protect legitimate programs against inadvertantly executing malicious code, but it won't restrict what malicious code can execute, as malicious code can just bypass the execve() function. Nor will it prevent the execution of malicious code which is stored as a shared library rather than an executable. -- Glynn Clements <glynn.clements@xxxxxxxxxx> - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
