| Posted by cannibal, 08-29-2007, 04:11 PM | | Hello
just want to know how to check if the tmp is mounted as noexec
??
|
| Posted by Patrick, 08-29-2007, 04:15 PM | | Type:
mount | grep tmp
You should see noexec in the information it'll provide to you.
|
| Posted by Jeremy, 08-29-2007, 04:44 PM | | cd /tmp
vi execme
type in
echo HIIIIIIII
quit vi
chmod +x execme
./execme
see what happens.
|
| Posted by cannibal, 08-30-2007, 06:59 AM | | thanks gusy
I got this
-bash: ./execme: Permission denied
|
| Posted by WebScHoLaR, 08-30-2007, 08:19 AM | | That verifies /tmp as noexec.
|
| Posted by Jeremy, 08-30-2007, 10:49 AM | | your good to go!! :]
|
| Posted by david510, 08-31-2007, 05:34 AM | | mount output if /tmp is noexec will be as following.
/dev/hda2 on /tmp type ext3 (rw,noexec,nosuid)
|
| Posted by Phildar, 08-31-2007, 03:22 PM | | It may be a good idea to ensure that fstab has the noexec option enabled for /tmp as well so that it mounts that way at boot.
|
| Posted by cannibal, 08-31-2007, 03:50 PM | | My fstab looks like this
am I missing something ??
|
| Posted by whmcsguru, 08-31-2007, 03:54 PM | | Keep in mind that mounting /tmp as noexec won't exactly solve much of anything.
What do I mean? Well, take the example you were given here. You were told to simply type . Of course, that's going to give you "permission denied". We all know that's going to happen, and a SMART hacker already knows this.
Now, what if you tried instead
OOPS, your OS will (probably) allow this. Why? Because the binary called is not in /tmp, it resides elsewhere.
The only thing this will stop is compiled binaries from working their magic. It will NOT stop 99% of the hacks out there, as most of these are perl (easily called from /tmp) or (ba)sh (again, easily called from/tmp).
I'm not saying it's not good to secure /tmp, because that's an extra layer of security that may (or may not) stop what's going on here, and it's not that bad of a thing, but if you're going to do that, you need to look through other security measures as well, something to stop those things from calling /tmp files.
|
|
 Add to Favourites
 Print this Article
|
