Re: Bug#179125: maintainer scripts tries to exec script in /tmp
On Mon, 3 Feb 2003 15:49, Ola Lundqvist wrote:
> > That was a script kiddie. At the very least they should have had a
> > fall-back plan of deleting the file under /tmp to hide their traces, a
> > good script would even do this.
> Yes it was a script kiddie. And I was not good enough to protect myself
> back in 1997.
No-one can totally protect against script kiddies. Even a SE Linux machine is
vulnerable to a script attack against sshd...
> > > I would like to add such a thing to policy, yes.
> > There's probably a hundred more useful security things that should be
> > added to policy. Making the shell of dummy accounts be /bin/false is one
> > that springs to mind.
> Yes you are right. It should not be added to policy. It is common
No, it should not be added to policy because it is not desirable, and because
we have not added many other things to policy which can provide a useful
benefit without any great problems.
> > Storing temp files in the home directory provides no good way of cleaning
> > them out and therefore results in a loss of disk and backup space for
> > multi-user systems. Also it removes the ability to do various
> > performance optimisations (tmpfs, or RAID-0 for /tmp, mkfs of the /tmp
> > device at boot time, etc).
> You are probably right.
> I simply do not really like the solution of creating scripts and then
> execute them... But that is maybe another thing. :)
Then install SE Linux. That's the easiest way of controlling such things.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page