Re: mounting /tmp noexec (was: Campus Computers)

To: debian-security@lists.debian.org
Subject: Re: mounting /tmp noexec (was: Campus Computers)
From: Wichert Akkerman <wichert@wiggy.net>
Date: Thu, 27 Dec 2001 03:49:39 +0100
Message-id: <[🔎] 20011227024939.GO10563@wiggy.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 877kr99ynd.fsf@becket.becket.net>
References: <[🔎] 20011227021726.GA1177@ids.org.au> <[🔎] 87bsgl9zh6.fsf@becket.becket.net> <[🔎] 20011227023316.GA1482@ids.org.au> <[🔎] 877kr99ynd.fsf@becket.becket.net>

Previously Thomas Bushnell, BSG wrote:
> What sort of insecure cgi script are you thinking of?

Trivial protection against stupid rootkits.

> In any case, it's part of the normal conventions of all Unix-based
> systems that /tmp is accessible to every user, for writing files and
> for executing them.

debconf seems to be the only thing relying on it, I've been using
a nonexec /tmp for a while now without noticing any other problems.

Wichert.

-- 
  _________________________________________________________________
 /wichert@wiggy.net         This space intentionally left occupied \
| wichert@deephackmode.org            http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to:

Follow-Ups:
- Re: mounting /tmp noexec (was: Campus Computers)
  - From: tb@becket.net (Thomas Bushnell, BSG)

References:
- Campus Computers
  - From: Ian <ian@ids.org.au>
- Re: Campus Computers
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: mounting /tmp noexec (was: Campus Computers)
  - From: Ian <ian@ids.org.au>
- Re: mounting /tmp noexec (was: Campus Computers)
  - From: tb@becket.net (Thomas Bushnell, BSG)

Prev by Date: Re: mounting /tmp noexec (was: Campus Computers)
Next by Date: Re: mounting /tmp noexec (was: Campus Computers)
Previous by thread: Re: mounting /tmp noexec (was: Campus Computers)
Next by thread: Re: mounting /tmp noexec (was: Campus Computers)
Index(es):
- Date
- Thread