
Re: Bug#179125: maintainer scripts tries to exec script in /tmp



Hi

On Mon, Feb 03, 2003 at 06:43:51PM +0100, Russell Coker wrote:
> On Mon, 3 Feb 2003 15:49, Ola Lundqvist wrote:
> > > That was a script kiddie.  At the very least they should have had a
> > > fall-back plan of deleting the file under /tmp to hide their traces, a
> > > good script would even do this.
> >
> > Yes it was a script kiddie. And I was not good enough to protect myself
> > back in 1997.
> 
> No-one can totally protect against script kiddies.  Even a SE Linux machine is 
> vulnerable to a script attack against sshd...

:)

> > > > I would like to add such a thing to policy, yes.
> > >
> > > There's probably a hundred more useful security things that should be
> > > added to policy.  Making the shell of dummy accounts be /bin/false is one
> > > that springs to mind.
> >
> > Yes you are right. It should not be added to policy. It is common
> > sense.
> 
> No, it should not be added to policy because it is not desirable, and because 
> we have not added many other things to policy which can provide a useful 
> benefit without any great problems.

Hmm well... I have now realized that it is very simple to get around
the execute bit. I thought programs checked that. You have convinced me
and I have to change my view of the world a bit...

> > > Storing temp files in the home directory provides no good way of cleaning
> > > them out and therefore results in a loss of disk and backup space for
> > > multi-user systems.  Also it removes the ability to do various
> > > performance optimisations (tmpfs, or RAID-0 for /tmp, mkfs of the /tmp
> > > device at boot time, etc).
> >
> > You are probably right.
> >
> > I simply do not really like the solution of creating scripts and then
> > executing them... But that is maybe another thing. :)
> 
> Then install SE Linux.  That's the easiest way of controlling such things.

Well sometime I'll try to set it up. I'll see if I can get the
time to set up such a system.

Regards,

// Ola

> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Annebergsslingan 37      \
|  opal@lysator.liu.se                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------


