
Re: execute permissions in /tmp



On Mon, Jul 14, 2003 at 01:02:33AM -0400, bda wrote:

> On Sun, Jul 13, 2003 at 11:55:45PM -0400, Matt Zimmerman wrote:
> > If the user can read files in /tmp, they can execute the code in them.
> > What problem is noexec /tmp supposed to solve?
> 
> In the event that the machine gets popped (depending on the vector of
> attack), it makes it that much more difficult for the intruder to run
> exploits on the machine, as it's possible that they cannot write to any
> directory but /tmp. (This is admittedly unlikely as if they're exploiting
> a service, that service can most likely write SOMEWHERE, which allows
> for the execution of code; ignoring the fact that the attacker has likely
> already gained the ability to run arbitrary commands.)

Right.  If they can run arbitrary code, they can run arbitrary code.  If the
exploit relies on a writable /tmp, it can be modified not to.

> It may seem like putting a pebble in front of a tank, but the only defense
> we have is a many-layered security policy.

If it were a straightforward kind of protection like nosuid, absolutely.  It
just happens that noexec isn't much of a barrier, and breaks more than it
helps, so I don't miss it.

-- 
 - mdz
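
A defender-side check related to the nosuid/noexec comparison in this thread, added here as an example and not part of the original message: it reports which of nosuid, nodev and noexec are set on a mount point, reading a file in /proc/mounts format. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount flags for a mount point such as /tmp.

# mount_opts MOUNTS_FILE MOUNTPOINT
# Prints the option string of the last matching entry (a later mount
# shadows an earlier one). Returns 1 if the path is not a mount point.
mount_opts() {
    awk -v mp="$2" '$2 == mp { opts = $4; found = 1 }
        END { if (!found) exit 1; print opts }' "$1"
}

# has_opt OPTS NAME
# Succeeds only if NAME is a whole comma-separated option, so "suid"
# does not match inside "nosuid".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mount MOUNTS_FILE MOUNTPOINT
# Prints one line per flag; returns 2 if MOUNTPOINT is not a separate mount
# (in which case it inherits the flags of its parent filesystem).
audit_mount() {
    opts=$(mount_opts "$1" "$2") || { echo "$2: not a separate mount"; return 2; }
    for flag in nosuid nodev noexec; do
        if has_opt "$opts" "$flag"; then
            echo "$2: $flag set"
        else
            echo "$2: $flag MISSING"
        fi
    done
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var/tmp ext3 rw,nosuid,nodev,noexec 0 0
EOF
}

# On a live Linux host: audit_mount /proc/mounts /tmp
```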


