[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#179125: maintainer scripts tries to exec script in /tmp

On Mon, 3 Feb 2003 15:49, Ola Lundqvist wrote:
> > That was a script kiddie.  At the very least they should have had a
> > fall-back plan of deleting the file under /tmp to hide their traces, a
> > good script would even do this.
> Yes it was a script kiddie. And I was not good enough to protect myself
> back in 1997.

No-one can totally protect against script kiddies.  Even a SE Linux machine is 
vulnerable to a script attack against sshd...

> > > I would like to add such a thing to policy, yes.
> >
> > There's probably a hundred more useful security things that should be
> > added to policy.  Making the shell of dummy accounts be /bin/false is one
> > that springs to mind.
> Yes you are right. It should not be added to policy. It is common
> sense.

No, it should not be added to policy because it is not desirable, and because 
we have not added many other things to policy which can provide a useful 
benefit without any great problems.

> > Storing temp files in the home directory provides no good way of cleaning
> > them out and therefore results in a loss of disk and backup space for
> > multi-user systems.  Also it removes the ability to do various
> > performance optimisations (tmpfs, or RAID-0 for /tmp, mkfs of the /tmp
> > device at boot time, etc).
> You are probably right.
> I simply do not really like the solution of creating scripts and then
> execute them... But that is maybe another thing. :)

Then install SE Linux.  That's the easiest way of controlling such things.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: