RE: execute permissions in /tmp
Well now, that is interesting. You are absolutely correct about the sticky
bit. It is the noexec flag that this is happening with, and I agree that it
alone is not a total security solution. However, it is a piece of a much
bigger pie and really should be enforced.
-Jim P.
> -----Original Message-----
> From: Noah L. Meyerhans [mailto:frodo@morgul.net]On Behalf Of Noah L.
> Meyerhans
> Sent: Saturday, 12 July, 2003 21:34
> To: debian-security@lists.debian.org
> Subject: Re: execute permissions in /tmp
>
>
> On Sat, Jul 12, 2003 at 09:22:45PM -0400, Jim Popovitch wrote:
> > I have a complaint/opinion/statement to express. It seems that every now
> > and then when I run 'apt-get upgrade' I get a lot of errors about "Can't
> > exec "/tmp/config.xxxxx": Permission denied at...". I like to keep my
> > Debian boxen nice and secure, so I 'chmod +t /tmp' to prevent temp files
> > from being executed. It seems to me that some package maintainers aren't
> > aware of issues such as these and are assuming that anything can be done in
> > temp.
>
> Couple of things in response to this. First of all, the +t flag on
> /tmp/ has nothing to do with whether you can execute files there. From
> chmod(1):
> STICKY DIRECTORIES
> When the sticky bit is set on a directory, files in that
> directory may only be unlinked or renamed by root or their
> owner. (Without the sticky bit, anyone able to write to
> the directory can delete or rename files.) The sticky bit
> is commonly found on directories, such as /tmp, which are
> world-writable.
>
> Note that +t is the default on /tmp.
>
> Second of all, mounting a filesystem with the noexec flag (assuming
> /tmp is a separate filesystem on your system and this is, in fact, what
> you're doing) has been shown many many times to not provide any level of
> protection. Try this on your noexec mounted /tmp:
> # cp /bin/ls /tmp/
> # /lib/ld-linux.so.2 /tmp/ls
>
> Basically, what it comes down to is that you *can not* prevent files
> from being executed. Even if you remove the execute bits from /tmp/ls
> in the above example, you'll still be able to run it.
>
> So, save yourself the headache and just remove noexec from /tmp/
>
> noah
>
> --
> _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html
>