On Tue, 17 Aug 2004 23:39, Stephen J Smoogen <smoogen@xxxxxxxx> wrote: > For certain kinds of attacks/machines a /tmp/kmem that is the /dev/kmem > device and crw-rw-rw is very bad. Not allowing it to be used can fix > that. I cant rememeber what the problem was though.. In what situations might an attacker be able to create a device node (having MKNOD capability) but not be able to attack the system in other ways? /tmp is one of several locations that the PC-Card/Cardbus cardmgr program may use to create temporary device nodes. So mounting /tmp with nodev might impact the operation of a laptop. It might also affect a server with a PCMCIA device (sometimes used for security cards or wireless cards). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
