Re: mounting /tmp noexec (was: Campus Computers)

To: Ian <ian@ids.org.au>, debian-security@lists.debian.org
Subject: Re: mounting /tmp noexec (was: Campus Computers)
From: Philip Blundell <philb@gnu.org>
Date: Thu, 27 Dec 2001 11:35:02 +0000
Message-id: <[🔎] E16JYoQ-0000KJ-00@kc.cam.armlinux.org>
In-reply-to: Message from Ian <ian@ids.org.au> of "Thu, 27 Dec 2001 13:33:16 +1100." <[🔎] 20011227023316.GA1482@ids.org.au>
References: <[🔎] 20011227021726.GA1177@ids.org.au> <[🔎] 87bsgl9zh6.fsf@becket.becket.net> <[🔎] 20011227023316.GA1482@ids.org.au>

In message <[🔎] 20011227023316.GA1482@ids.org.au>, Ian writes:
>so surely, if nothing needs to be executed, it is better to mount
>noexec?

The thing about noexec is that you can almost always circumvent it.  If you
have a shell script in /tmp that you want to execute, you can use 
"sh /tmp/r00tk1t".  If you have a binary, "/lib/ld-linux.so.2 /tmp/r00tk1t".

It's a bit like non-executable stacks; right now it will probably break a lot
of existing exploits, but for the most part only fairly trivial modifications
are needed to make them work again.  So it doesn't really buy you any extra
security.

p.

Reply to:

References:
- Campus Computers
  - From: Ian <ian@ids.org.au>
- Re: Campus Computers
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: mounting /tmp noexec (was: Campus Computers)
  - From: Ian <ian@ids.org.au>

Prev by Date: Re: Secure 2.4.x kernel - readonly
Next by Date: Re: Secure 2.4.x kernel
Previous by thread: Re: mounting /tmp noexec (was: Campus Computers)
Next by thread: Re: mounting /tmp noexec (was: Campus Computers)
Index(es):
- Date
- Thread