Re: phpBB vulnerability exploited
On Monday 13 December 2004 03:31, Marek Podmaka wrote:
> Yes, I have been doing the same with /tmp, but some debian packages
> won't install on noexec /tmp. But there are other directories on my
> system which are world writable - for example /var/tmp and
> /var/lock.
If you've configured apt to preconfigure packages (at least I think that's the
case) then apt will extract some stuff to /tmp and execute it from there.
The solution I use is to temporarily remount partitions with necessary
permissions during apt's run. I do this automatically with the following
commands in apt's config files:

DPkg::Pre-Install-Pkgs {"mount -o remount,rw /boot";};
DPkg::Pre-Install-Pkgs {"mount -o remount,exec /tmp";};
DPkg::Pre-Install-Pkgs {"mount -o remount,rw /usr";};
DPkg::Post-Invoke {"mount -o remount /boot";};
DPkg::Post-Invoke {"mount -o remount /tmp";};
DPkg::Post-Invoke {"mount -o remount /usr";};

I'd think you can get away with linking /var/tmp to /tmp but /var/lock might
be tricky to get around.
> Can entire /var be mounted noexec?
In my case I doubt it since much of postfix lives there. It might be possible
in certain cases though I'm not sure.
--
Fraser Campbell <fraser@wehave.net> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
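
Added example (not part of the original message): a check that could run after the Post-Invoke hooks to confirm that the world-writable directories named in this thread are on noexec mounts again. The function names and the sample mount table are constructed for illustration; paths are compared as text, so a symlinked /var/tmp should be resolved first.

```shell
#!/bin/sh
# Added example: confirm that directories sit on noexec mounts again.
# Input is a /proc/mounts-style table: device mountpoint fstype options ...
# Assumption: paths are compared as text; resolve symlinks beforehand.

# Print the options of the mount containing PATH ($1); table in $2.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # Longest matching mount point wins; later lines override earlier.
            if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Succeed only if the mount containing PATH carries the noexec option.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_noexec TABLE DIR...: report each DIR, return 1 if any allows exec.
audit_noexec() {
    table=$1; shift
    rc=0
    for d in "$@"; do
        if is_noexec "$d" "$table"; then
            echo "ok    $d is noexec"
        else
            echo "WARN  $d allows exec"; rc=1
        fi
    done
    return $rc
}

# Constructed sample table (not taken from any real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda5 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda6 /var ext3 rw,nosuid 0 0
tmpfs /var/lock tmpfs rw,nosuid,nodev,noexec 0 0
EOF
audit_noexec "$SAMPLE" /tmp /var/tmp /var/lock || echo "remount check failed"
```

In the sample table /var/tmp falls under the /var mount, which lacks noexec, so the audit flags it while /tmp and /var/lock pass.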