Re: we were attacked

To: Michael Sprague <mfs@saneinc.net>
Cc: debian-isp@lists.debian.org
Subject: Re: we were attacked
From: Keith Edmunds <keith@midnighthax.com>
Date: Fri, 23 Jun 2006 15:08:01 +0100
Message-id: <[🔎] 449BF5C1.6030603@midnighthax.com>
In-reply-to: <[🔎] 449BF5D9.6050603@saneinc.net>
References: <44367C04.6030609@tau.org.ar> <1144435612.18796.1.camel@localhost> <[🔎] 20060623092446.GC2686@server.homelinux.net> <[🔎] 449BBAD0.5020501@emenaker.com> <[🔎] 449BF5D9.6050603@saneinc.net>

On 06/23/2006 3:08:25 PM +0100
Michael Sprague <mfs@saneinc.net> said:

> If possible, make /tmp its own file system and mount it with 'noexec'. 
> This really helps stop these types of attacks.  In fact I would 
> recommend 'rw,noexec,nosuid,nodev' as the mount options.

Sound advice, but make sure you have a mechanism in place for updating a
system (many package installations and updates will fail if /tmp is
noexec). There are a number of ways of doing that.

Keith

Reply to:

References:
- Re: we were attacked
  - From: Mark-Walter@t-online.de (Mark Walter)
- Re: we were attacked
  - From: Joe Emenaker <joe@emenaker.com>
- Re: we were attacked
  - From: Michael Sprague <mfs@saneinc.net>

Prev by Date: Re: we were attacked
Next by Date: Re: Apache2 with PHP as CGI
Previous by thread: Re: we were attacked
Next by thread: Re: we were attacked
Index(es):
- Date
- Thread