Re: execute permissions in /tmp
On Mon, Jul 14, 2003 at 01:02:33AM -0400, bda wrote:
> On Sun, Jul 13, 2003 at 11:55:45PM -0400, Matt Zimmerman wrote:
> > If the user can read files in /tmp, they can execute the code in them.
> > What problem is noexec /tmp supposed to solve?
> In the event that the machine gets popped (depending on the vector of
> attack), it makes it that much more difficult for the intruder to run
> exploits on the machine, as it's possible that they cannot write to any
> directory but /tmp. (This is admittedly unlikely as if they're exploiting
> a service, that service can most likely write SOMEWHERE, which allows
> for the execution of code; ignoring the fact that the attacker has likely
> already gained the ability to run arbitrary commands.)
Right. If they can run arbitrary code, they can run arbitrary code. If the
exploit relies on a writable /tmp, it can be modified not to.
> It may seem like putting a pebble in front of a tank, but the only defense
> we have is a many-layered security policy.
If it were a straightforward kind of protection like nosuid, absolutely. It
just happens that noexec isn't much of a barrier, and breaks more than it
helps, so I don't miss it.
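
Added example, not part of the original message: a small audit that reports whether nosuid and noexec are actually in effect for a directory, by finding the mount that covers it (the options of / apply when /tmp is not a separate filesystem). The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from any real host).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /var ext4 rw,nosuid 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# covering_opts PATH: read mounts-format lines on stdin and print the option
# string of the mount that backs PATH (longest matching mount point; on a
# tie the later line wins, since a later mount shadows an earlier one).
covering_opts() {
    awk -v p="$1" '
        {
            mp = $2
            hit = (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# has_opt OPTS FLAG: succeed if FLAG is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# report PATH: print "PATH nosuid=yes|no noexec=yes|no" (mounts on stdin).
report() {
    opts=$(covering_opts "$1")
    line="$1"
    for flag in nosuid noexec; do
        if has_opt "$opts" "$flag"; then line="$line $flag=yes"
        else line="$line $flag=no"; fi
    done
    echo "$line"
}

# On a live Linux host: report /tmp < /proc/mounts
for d in /tmp /var/tmp /home/user; do
    sample_mounts | report "$d"
done
```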