> -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Ed Wilts > Sent: Monday, April 11, 2005 1:28 PM > To: General Red Hat Linux discussion list > Subject: Re: Blackhole > > On Mon, Apr 11, 2005 at 01:19:51PM -0700, Justin Zygmont wrote: > > You may not have to reinstall the whole system, /tmp is likely the only > > directory that was writable through an exploit. > > /var/tmp is also world writable. > > Any time you do not trust what's on your system, you should seriously > consider doing a re-install. Sure, you may get away with not having to > do one, but what if you guess wrong and your customer data is > compromised? I will have to 2nd that. But rolling back 200 customers sites is going to result in a lot of PO'd customers from my experience (although it is in their interest). Mounting /tmp with noexec and nosuid might be a good idea going forward as well. Expand that to other filesystems as you see fit. -Tobias > > -- > Ed Wilts, RHCE > Mounds View, MN, USA > mailto:ewilts@xxxxxxxxxx > Member #1, Red Hat Community Ambassador Program > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
