especially you mount /tmp as a separate filesystem and remove exec.
I wish I could have that level of security on the computer I use for e-banking. Unfortunately a couple of years ago it was decided that allowing banks to compete on the quality of their e-banking systems was not acceptable in such a civilized country as Denmark. Instead one company was granted a monopoly on handling authentication for e-banking. And every bank in this country is now required to use that centralised authentication system.
The vendor of that system is guaranteed to not lose market share to competitors, so they can do whatever they please. One consequence of that is that if I want to access any e-banking, I must have /tmp mounted with exec. Mounting it noexec will prevent me from logging on the banks website.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds