On 2006-01-24 22:13:26 +1000, Michael Mansour wrote:
> Hi Peter,
>
> > On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
> > > Definitely noted as one of the measures to stop this type of attack, but for
> > > this particular server, /tmp is not a mounted filesystem but part of /, so I
> > > can't really do that without re-partitioning the disk and creating a dedicated
> > > /tmp.
> >
> > You could put /tmp on a tmpfs:
> >
> > /etc/fstab:
> > none /tmp tmpfs noexec 0 0
>
> That's actually a very good idea, I forgot about that. But I thought it was
> more like:
>
> /dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0
>
> ie. I'd have to use the /dev/shm device instead of "none" ?

The device is ignored for filesystems which don't really use any device
(like proc, sys, tmpfs, etc.). It might be a good idea to use a more
descriptive string than "none", though.

> Actually, I forgot whether the tmpfs automatically adds the sticky bit on
> /tmp, or would I need to change the mode to "1777" ?

The default mode is 1777. If you explicitly set the mode to 777, the
sticky bit isn't set.

        hp

--
   _  | Peter J. Holzer    | If I wanted to be "academically correct",
|_|_) | Sysadmin WSR       | I'd be programming in Java.
| |   | hjp@xxxxxxxxx      | I don't, and I'm not.
__/   | http://www.hjp.at/ |   -- Jesse Erlbaum on dbi-users
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
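
The following is an added example, not part of the original thread: a shell function that audits fstab-format text for the two points made in the message above, /tmp on tmpfs with noexec and a mode= option that drops the sticky bit. The function name check_tmp_entry is hypothetical, and the sample input is constructed from the two fstab lines quoted in the thread.

```sh
#!/bin/sh
# Added example: audit the /tmp entry of fstab-format text read on stdin.
# Prints one finding per line; returns 0 only if /tmp is a tmpfs mounted
# noexec and any explicit mode= keeps the sticky bit (octal 1000).
check_tmp_entry() {
    # Type and options of the last non-comment entry mounted on /tmp.
    entry=$(awk '$1 !~ /^#/ && $2 == "/tmp" { e = $3 " " $4 } END { print e }')
    if [ -z "$entry" ]; then
        echo "FAIL: no /tmp entry"
        return 1
    fi
    fstype=${entry%% *}
    opts=${entry#* }
    if [ "$fstype" != tmpfs ]; then
        echo "FAIL: /tmp is '$fstype', not tmpfs"
        return 1
    fi
    rc=0
    case ",$opts," in
        *,noexec,*) ;;
        *) echo "FAIL: noexec is not set"; rc=1 ;;
    esac
    # Explicit mode= value, if any (the last one, should it be repeated).
    mode=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^mode=//p' | tail -n 1)
    case "$mode" in
        '') ;;  # no mode= given: tmpfs default applies (1777 per the thread)
        *[!0-7]*) echo "FAIL: mode=$mode is not octal"; rc=1 ;;
        *)
            if [ $(( 0$mode & 01000 )) -eq 0 ]; then
                echo "FAIL: mode=$mode leaves /tmp without the sticky bit"
                rc=1
            fi ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: tmpfs, noexec, sticky bit kept"
    fi
    return "$rc"
}

# Constructed input: the two fstab lines quoted in the thread.
for line in \
    'none /tmp tmpfs noexec 0 0' \
    '/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0'
do
    printf '%s => ' "$line"
    printf '%s\n' "$line" | check_tmp_entry || true
done
```

To check a live system, feed it the real file: `check_tmp_entry < /etc/fstab`.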