Jarek Kamiński wrote:
Thanks for your valued suggestions

On Tue, Jun 05, 2007 at 20:20:08 +0200, Jakub Ambrozewicz wrote:

On 05-06-2007, Tue, at 14:32 +0530, BipinDas wrote:

/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw,nodev 0 0
none /dev/shm tmpfs noexec,nosuid,nodev 0 0

Nobody can execute perl/shell scripts here with 755 permission. When I give a command like this, prompt# ./test.pl, it gives a permission denied error. But now I would like to prevent compiling of scripts here, like prompt#perl test.pl. How can I do it?

I think grsecurity has an option Trusted Path Execution that can be helpful.

It would prevent running executables from /tmp even without noexec. Perl binary is in Trusted Path -- /usr/bin is writeable only by root. And it can't prevent things like cat /tmp/test.pl | perl

The only solution is preventing access to perl interpreter. If it is needed for some reasons either compile all scripts with perlcc or write some kind of wrapper checking if running script should be allowed.

P.S. I'm not subscribed to debian-isp, please CC: me in replies (Mail-Followup-To set).