
Re: basically security of linux



Hi,

On Fri, Jan 16, 2009 at 03:13:10PM -0600, Boyd Stephen Smith Jr. wrote:
> On Friday 2009 January 16 14:45:44 Michael Loftis wrote:

[hardlinking (suid binaries in hope a vulnerability will be found)]
> >you can't do 
> >it across drives,
> 
> Right, but the default partitioning puts /sbin /usr/sbin etc. on the same 
> filesystem as /home and /tmp, exposing the system to these attacks.

Just an addition: often I've seen /home as a separate mount (mounted
nosuid,nodev,...) and /tmp as tmpfs, but then we have /var/tmp (which can't
be tmpfs, because its purpose is to retain the files even across reboots).

I haven't tried it yet, but could a bind-mount be done (e.g. /var/real-tmp
-> /var/tmp) with additional options nosuid,nodev,... (while /var or / is
mounted suid,dev,...)?

Greetings,
 Mike Dornberger
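
An added example, not part of the original message: a small audit of the layout discussed above that flags user-writable directories which lack nosuid/nodev or sit on the same mount as the system binary directories. The mount tables are constructed samples in /proc/mounts format, and the second one assumes a bind mount over /var/tmp carries its own nosuid,nodev flags; the directory lists and function names are illustrative.

```python
# Constructed /proc/mounts-style sample: /home and /tmp restricted, /var/tmp on "/".
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# Same layout with a restricted bind mount over /var/tmp (assumed, constructed).
SAMPLE_BIND = SAMPLE_MOUNTS + "/dev/sda1 /var/tmp ext3 rw,nosuid,nodev 0 0\n"

SYSTEM_DIRS = ("/sbin", "/usr/sbin", "/bin", "/usr/bin")
WRITABLE_DIRS = ("/home", "/tmp", "/var/tmp")
WANTED = {"nosuid", "nodev"}


def parse_mounts(text):
    """Return [(mount_point, options_set)] in mount order."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1], set(f[3].split(","))) for f in rows if len(f) >= 4]


def mount_for(path, mounts):
    """Longest mount-point prefix wins; on ties the later (topmost) mount wins."""
    best = None
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"
        if path == point or path.startswith(prefix):
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best


def audit(text):
    """Map each user-writable dir to a list of findings (empty means OK)."""
    mounts = parse_mounts(text)
    system_points = {mount_for(d, mounts)[0] for d in SYSTEM_DIRS}
    report = {}
    for d in WRITABLE_DIRS:
        point, opts = mount_for(d, mounts)
        findings = ["missing " + o for o in sorted(WANTED - opts)]
        if point in system_points:
            findings.append("shares mount with system binaries")
        report[d] = findings
    return report


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_MOUNTS), ("with bind", SAMPLE_BIND)):
        print(label, audit(text))
```

To check a live system, pass the contents of /proc/mounts to audit() instead of the samples.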

