Hi Peter,

> On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
> > > More generally, I read advice somewhere that mounting /tmp with the
> > > "noexec" option (and making any other temp directories symbolic
> > > links to that one) can make this type of attack much more difficult.
>
> This doesn't really prevent execution of programs on /tmp, it just makes
> it more difficult. It is useful against worms which don't expect
> /tmp to be mounted noexec, though. (In other words: It works as long
> as only a few people use this trick)
>
> > Definitely noted as one of the measures to stop this type of attack, but for
> > this particular server, /tmp is not a mounted filesystem but part of /, so I
> > can't really do that without re-partitioning the disk and creating a dedicated
> > /tmp.
>
> You could put /tmp on a tmpfs:
>
> /etc/fstab:
> none /tmp tmpfs noexec 0 0

That's actually a very good idea, I forgot about that.

But I thought it was more like:

/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0

i.e. I'd have to use the /dev/shm device instead of "none"?

Actually, I forgot whether the tmpfs automatically adds the sticky bit on /tmp, or would I need to change the mode to "1777"?

Michael.
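The two fstab lines discussed above can be checked mechanically. The following is an added example, not part of the original posts: a hypothetical helper, audit_tmp_entry, that inspects one fstab line for a tmpfs /tmp and reports a missing noexec and a world-writable mode without the sticky bit. The nosuid and nodev checks are an assumption of this example, not something the thread mentions.

```shell
#!/bin/sh
# Added example, not from the thread: audit one fstab line for a tmpfs /tmp.
# Prints space-separated findings or "ok"; status 0 ok, 1 findings, 2 not applicable.
audit_tmp_entry() {
    # Fields: device, mount point, type, options, dump/pass. tmpfs ignores the
    # device field, so "none", "tmpfs" and "/dev/shm" are equivalent there.
    read -r _dev _mnt _type _opts _rest <<EOF
$1
EOF
    if [ "$_mnt" != "/tmp" ] || [ "$_type" != "tmpfs" ]; then
        echo "not-a-tmpfs-tmp-entry"; return 2
    fi
    _found=""
    # noexec is the option from the thread; nosuid and nodev are an assumption
    # of this example (options commonly set alongside it).
    for _want in noexec nosuid nodev; do
        case ",$_opts," in
            *",$_want,"*) ;;
            *) _found="$_found missing:$_want" ;;
        esac
    done
    # Extract mode=; when it is absent tmpfs defaults the mount root to 1777.
    _mode=""
    _old_ifs=$IFS; IFS=,
    for _o in $_opts; do
        case "$_o" in mode=*) _mode=${_o#mode=} ;; esac
    done
    IFS=$_old_ifs
    case "$_mode" in
        "") ;;
        *[!0-7]*) _found="$_found invalid-mode:$_mode" ;;
        *)  # World-writable (0002) without the sticky bit (01000) lets any
            # user delete or rename another user's files in /tmp.
            if [ $(( 0$_mode & 0002 )) -ne 0 ] && [ $(( 0$_mode & 01000 )) -eq 0 ]; then
                _found="$_found mode-$_mode-lacks-sticky-bit"
            fi ;;
    esac
    if [ -z "$_found" ]; then echo "ok"; return 0; fi
    echo "${_found# }"; return 1
}

# Constructed input: the two fstab lines quoted in the thread, then a variant
# with the extra options and an explicit sticky bit.
while IFS= read -r line; do
    printf '%s\n  -> %s\n' "$line" "$(audit_tmp_entry "$line")"
done <<'EOF'
none /tmp tmpfs noexec 0 0
/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0
tmpfs /tmp tmpfs noexec,nosuid,nodev,size=512M,mode=1777 0 0
EOF
```

After changing the entry, the options actually in effect can be confirmed with `mount | grep ' /tmp '` and the directory mode with `ls -ld /tmp`.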