Re: execute permissions in /tmp

To: debian-security@lists.debian.org
Cc: "Noah L. Meyerhans" <noahm@debian.org>
Subject: Re: execute permissions in /tmp
From: Matt Zimmerman <mdz@debian.org>
Date: Sun, 13 Jul 2003 23:55:45 -0400
Message-id: <[🔎] 20030714035545.GE2970@alcor.net>
Mail-followup-to: debian-security@lists.debian.org, "Noah L. Meyerhans" <noahm@debian.org>
In-reply-to: <[🔎] 20030713191024.GB15775@zionlth.org>
References: <[🔎] FMELKIGJMCKDEONBJEDGIEODHKAA.jimpop@yahoo.com> <[🔎] 20030713013416.GG16880@morgul.net> <[🔎] 20030713191024.GB15775@zionlth.org>

On Sun, Jul 13, 2003 at 03:10:24PM -0400, Phillip Hofmeister wrote:

> On Sat, 12 Jul 2003 at 09:34:16PM -0400, Noah L. Meyerhans wrote:
> > Basically, what it comes down to is that you *can not* prevent files
> > from being executed.  Even if you remove the execute bits from /tmp/ls
> > in the above example, you'll still be able to run it.
> 
> I believe grsecurity ACLs will prevent /tmp from being loaded by
> ld-linux...

If the user can read files in /tmp, they can execute the code in them.  What
problem is noexec /tmp supposed to solve?

-- 
 - mdz

Reply to:

Follow-Ups:
- RE: execute permissions in /tmp
  - From: "Jim Popovitch" <jimpop@yahoo.com>
- Re: execute permissions in /tmp
  - From: NN_il_Confusionario <pinkof.pallus@tiscalinet.it>
- Re: execute permissions in /tmp
  - From: bda <bda@mirrorshades.net>

References:
- execute permissions in /tmp
  - From: "Jim Popovitch" <jimpop@yahoo.com>
- Re: execute permissions in /tmp
  - From: "Noah L. Meyerhans" <noahm@debian.org>
- Re: execute permissions in /tmp
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: execute permissions in /tmp
Next by Date: RE: execute permissions in /tmp
Previous by thread: Re: execute permissions in /tmp
Next by thread: RE: execute permissions in /tmp
Index(es):
- Date
- Thread