解决方法
简单的解决方案可能是简单地删除系统二进制文件的执行权限.如果要阻止用户从具有写访问权限的目录编译内容或运行内容,可以创建单独的分区并使用noexec选项安装这些文件系统.
man mount(noexec选项)
Do not allow direct execution of any
binaries on the mounted file system.
(Until recently it was possible to run
binaries anyway using a command like
/lib/ld*.so /mnt/binary. This trick
fails since Linux 2.4.25 / 2.6.0.)
