
Re: Preventing execution of perl scripts in /tmp directory

On Tue, Jun 05, 2007 at 20:20:08 +0200, Jakub Ambrozewicz wrote:
> On Tue, 05-06-2007 at 14:32 +0530, BipinDas wrote:
>> /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw,nodev 0 0
>> none /dev/shm tmpfs noexec,nosuid,nodev 0 0
>> Nobody can execute perl/shell scripts here with 755 permission. When I
>> give a command like this, prompt# ./test.pl, it gives a permission denied
>> error.
>> But now I would like to prevent compiling of scripts here, like
>> prompt# perl test.pl. How can I do it?
> I think grsecurity has an option Trusted Path Execution that can be
> helpful.

It would prevent running executables from /tmp even without noexec. The Perl
binary is in the Trusted Path -- /usr/bin is writeable only by root. And it
can't prevent things like cat /tmp/test.pl | perl.

The only solution is preventing access to the perl interpreter. If it is
needed for some reason, either compile all scripts with perlcc or write
some kind of wrapper that checks whether the running script should be allowed.

I'm not subscribed to debian-isp, please CC: me in replies
(Mail-Followup-To set).

    Linux is free if your time has no value.
    If it (your time) is worth something, Linux is simply cheaper than the others.
	Jarek Kamiński
	gg# 453620
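
The wrapper approach mentioned in the reply, as an added example (not code from the thread): it fails closed unless the first argument is a script that resolves into a root-owned directory, which also rejects code piped in on stdin. `ALLOWED_DIRS`, `REAL_PERL` and the function names are assumptions, as is an interpreter that users cannot execute except through the wrapper.

```shell
#!/bin/sh
# Added example: policy check for a hypothetical perl wrapper.
# ALLOWED_DIRS and REAL_PERL are assumed values, not taken from the thread.
# Every directory in ALLOWED_DIRS must be writable only by root, the same
# property Trusted Path Execution relies on.
ALLOWED_DIRS="${ALLOWED_DIRS:-/usr/local/lib/site-perl-scripts}"
REAL_PERL="${REAL_PERL:-/usr/local/libexec/perl.real}"

# Return 0 only if the invocation names a script file inside ALLOWED_DIRS.
perl_script_allowed() {
    # Fail closed on anything that is not a plain script path as the first
    # argument: no argument (code arrives on stdin, as in "cat x | perl"),
    # "-" (stdin), and all switches such as -e, -x, -I or -M.
    case "${1:-}" in
        ''|-*) return 1 ;;
    esac
    # Resolve symlinks and ".." so a link from a trusted directory into
    # /tmp is judged by where the file really lives.
    psa_real=$(readlink -f "$1") || return 1
    [ -f "$psa_real" ] || return 1
    psa_ifs=$IFS; IFS=:
    for psa_dir in $ALLOWED_DIRS; do
        IFS=$psa_ifs
        psa_dir=$(readlink -f "$psa_dir") || continue
        case "$psa_real" in
            "$psa_dir"/*) return 0 ;;
        esac
    done
    IFS=$psa_ifs
    return 1
}

# Wrapper entry point: drop environment that injects code or module paths,
# then hand over to the real interpreter.
run_wrapper() {
    unset PERL5OPT PERL5LIB PERLLIB PERL5DB
    if perl_script_allowed "$@"; then
        exec "$REAL_PERL" "$@"
    fi
    echo "perl wrapper: invocation not allowed" >&2
    return 126
}

# Runs only when installed under the name "perl"; sourcing the file or
# running it under another name just defines the functions.
case "${0##*/}" in
    perl) run_wrapper "$@" ;;
esac
```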
