RE: execute permissions in /tmp

To: debian-security@lists.debian.org
Subject: RE: execute permissions in /tmp
From: DEFFONTAINES Vincent <Vincent.DEFFONTAINES@coe.int>
Date: Tue, 15 Jul 2003 09:38:45 +0200
Message-id: <[🔎] 435C366F075ED211B12200204840172D06293538@petitsuix.coe.int>

> On Sun, Jul 13, 2003 at 11:55:45PM -0400, Matt Zimmerman wrote:
> > If the user can read files in /tmp, they can execute the 
> code in them.
> 
> even if the user is a "nobody" that owns no files or 
> directories and grsecurity, selinux or the like prevents 
> him/her to execute directly code from world writeable directories?
> 
> (I do not know, so I ask)

Grsecurity has a "trusted path execution" option.
Paste from config help :

CONFIG_GRKERNSEC_TPE:
If you say Y here, you will be able to choose a gid to add to the
supplementary groups of users you want to mark as "untrusted."
These users will not be able to execute any files that are not in
root-owned directories writeable only by root.  If the sysctl option
is enabled, a sysctl option with name "tpe" is created.

Vincent

Reply to:

Follow-Ups:
- Re: execute permissions in /tmp
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: unsubscribe
Next by Date: Re: execute permissions in /tmp
Previous by thread: Re: execute permissions in /tmp
Next by thread: Re: execute permissions in /tmp
Index(es):
- Date
- Thread