Posted by cannibal, 08-29-2007, 04:11 PM | Hello
just want to know how to check if the tmp is mounted as noexec
??
|
Posted by Patrick, 08-29-2007, 04:15 PM | Type:
mount | grep tmp
You should see noexec in the information it'll provide to you.
|
Posted by Jeremy, 08-29-2007, 04:44 PM | cd /tmp
vi execme
type in
echo HIIIIIIII
quit vi
chmod +x execme
./execme
see what happens.
|
Posted by cannibal, 08-30-2007, 06:59 AM | thanks gusy
I got this
-bash: ./execme: Permission denied
|
Posted by WebScHoLaR, 08-30-2007, 08:19 AM | That verifies /tmp as noexec.
|
Posted by Jeremy, 08-30-2007, 10:49 AM | your good to go!! :]
|
Posted by david510, 08-31-2007, 05:34 AM | mount output if /tmp is noexec will be as following.
/dev/hda2 on /tmp type ext3 (rw,noexec,nosuid)
|
Posted by Phildar, 08-31-2007, 03:22 PM | It may be a good idea to ensure that fstab has the noexec option enabled for /tmp as well so that it mounts that way at boot.
|
Posted by cannibal, 08-31-2007, 03:50 PM | My fstab looks like this
am I missing something ??
|
Posted by whmcsguru, 08-31-2007, 03:54 PM | Keep in mind that mounting /tmp as noexec won't exactly solve much of anything.
What do I mean? Well, take the example you were given here. You were told to simply type . Of course, that's going to give you "permission denied". We all know that's going to happen, and a SMART hacker already knows this.
Now, what if you tried instead
OOPS, your OS will (probably) allow this. Why? Because the binary called is not in /tmp, it resides elsewhere.
The only thing this will stop is compiled binaries from working their magic. It will NOT stop 99% of the hacks out there, as most of these are perl (easily called from /tmp) or (ba)sh (again, easily called from/tmp).
I'm not saying it's not good to secure /tmp, because that's an extra layer of security that may (or may not) stop what's going on here, and it's not that bad of a thing, but if you're going to do that, you need to look through other security measures as well, something to stop those things from calling /tmp files.
|
|
Add to Favourites
Print this Article |