[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hd meglio come

On Wed, Aug 08, 2001 at 03:01:16PM +0200, dariondol wrote:
> On Wed, Aug 08, 2001 at 02:37:13PM +0200, Fulvio wrote:
> > Il doc l'ho trovato nel sito red hat però penso che si possa
> > generalizzare per queste cose, cmq chiedo scusa se ho postato
> > delle info sbagliate :-))

esiste anche, piu` specificamente

> diciamo che per un sistema multiuso il fatto di fare partizioni diverse
> puo' servire (per esempio) a far si che la directory home (dove di
> solito ci sono appunto le home degli utenti) possa essere settata per
> non fare eseguire binari in quella partizione .. quindi e' una "mano"
> per la sicurezza ... cosi' potrebbe essere  anche detto della partizione
> /tmp.

3.3 Mounting partitions the right way

   When mounting an ext2 partition you have several additional options
   you apply to the mount call or the /etc/fstab. For instance, this my
   fstab entry for the /tmp partition:
 /dev/hda7    /tmp    ext2    defaults,nosuid,noexec,nodev    0    2
  You see the difference in the options sections. The option nosuid
  ignores the setuid and setgid bits completely, while noexec forbids
  execution of any program on that mount point and nodev, which ignores
  devices. This sounds great, but it
  * only applies to ext2 filesystems only
  * can be circumvented easily
  The noexec option prevents binaries from being executed directly, but
  is easily circumvented:
 alex@joker:/tmp# mount | grep tmp
 /dev/hda7 on /tmp type ext2 (rw,noexec,nosuid,nodev)
 alex@joker:/tmp# ./date
 bash: ./date: Permission denied
 alex@joker:/tmp# /lib/ld-linux.so.2 ./date
 Sun Dec  3 17:49:23 CET 2000

  However, many script kiddies have exploits which try to create and
  execute files in /tmp. If they do not have a clue, they will fall into
  this pit. In other words, if the user does not have a clue, he will
  not fall into the pit of executing a trojaned binary /tmp, when he
  incidentally adds /tmp into his PATH.

Reply to: