
Re: Bug#179125: maintainer scripts tries to exec script in /tmp


On Mon, Feb 03, 2003 at 12:39:25PM +0000, Oliver Elphick wrote:
> On Mon, 2003-02-03 at 11:48, Henrique de Moraes Holschuh wrote:
> > On Mon, 03 Feb 2003, Oliver Elphick wrote:
> > > > You shouldn't rely on being able to execute scripts in /tmp.
> > 
> > You shouldn't rely on your system working with noexec set on /tmp. A LOT of
> > software wants to run stuff in there.  Not too many Debian packages do this,
> > but...
> I still can't see how setting noexec on /tmp helps security.  You would
> still have to type an explicit path to execute any program, so it's no
> different from any other arbitrary path.  Is it intended to protect
> against people who put . in their path?

Well I can imagine a lot of things that noexec prevents. I actually
have caught a cracker (a successful one) this way. The cracker used
some flaw and wrote files to /tmp. Then it tried to execute them
but failed. The user actually had root access so he should have been able
to do anything but he had created the suid root shell and placed it
in /tmp. So he failed. :)

The problem with /tmp is that anyone has write permission to it. So any
software that has a remote security flaw can use it to write files. This
might not be a flaw to gain root access but if you can get access to
write files and then execute them you can actually use some local security
flaw to gain root access.

I would like to add such a thing to policy, yes.

If a package really needs to write files and then execute them they should
be changed to create them under /var/lib/pkgname so that only the user that
the software runs as can write the files there. If it is an end user program
the executables should be stored and executed in the home directory.

> > > A temporary script needs to be somewhere, and /tmp is guaranteed to
> > > exist and to be available for temporary files.  I don't see how making
> > 
> > Don't hardwire to /tmp. Use $TMPDIR if it is defined...
> OK.  I can go with that.  Does the submitter agree? Jamie?

Best regards,

// Ola

> -- 
> Oliver Elphick <olly@lfix.co.uk>
> LFIX Limited

 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Annebergsslingan 37      \
|  opal@lysator.liu.se                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
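
One way a maintainer script could follow the advice in this message (honour $TMPDIR, and fall back to a package-owned directory when the temporary directory cannot execute files), as an added example that is not part of the original thread. The function names are hypothetical and /var/lib/pkgname is the message's own placeholder path.

```shell
#!/bin/sh
# Added example, not code from the thread or from any Debian package.
# Function names are hypothetical; /var/lib/pkgname is a placeholder.

# exec_ok DIR: succeed only if a file created in DIR can really be executed,
# i.e. DIR exists, is writable, and is not on a noexec mount.
exec_ok() {
    probe_dir=$(mktemp -d "$1/exec-probe.XXXXXX" 2>/dev/null) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$probe_dir/probe"
    chmod 700 "$probe_dir/probe"
    rc=0
    "$probe_dir/probe" </dev/null 2>/dev/null || rc=1
    rm -rf "$probe_dir"
    return "$rc"
}

# choose_exec_dir FALLBACK: print $TMPDIR (or /tmp) if scripts can run there,
# otherwise the package-owned FALLBACK directory; fail if neither works.
choose_exec_dir() {
    for candidate in "${TMPDIR:-/tmp}" "$1"; do
        if exec_ok "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# run_temp_script FALLBACK: read a script on stdin, run it from a private
# 0700 directory (created by mktemp -d) under the chosen location, clean up.
run_temp_script() {
    script_base=$(choose_exec_dir "$1") || return 1
    work=$(mktemp -d "$script_base/script.XXXXXX") || return 1
    cat > "$work/run"
    chmod 700 "$work/run"
    rc=0
    "$work/run" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Demo: show which directory this machine would use.
choose_exec_dir "${PKG_STATE_DIR:-/var/lib/pkgname}" \
    || echo "no directory that permits execution was found" >&2
```

Because `mktemp -d` creates the working directory with mode 0700 and an unpredictable name, the script is never written to a world-writable path that another local user could pre-create or replace.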
