[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: basically security of linux

On Friday 16 January 2009, Mike Dornberger <Mike.Dornberger@gmx.de> wrote 
about 'Re: basically security of linux':
>just an addition: Often I've seen /home as a separate mount (mounted
>nosuid,nodev,...) and /tmp as tmpfs, but then we have /var/tmp (which
> can't be tmpfs, because it's purpose is to retain the files even across
> reboots).
>I haven't tried it yet, but could a bind-mount be done (e. g.
> /var/real-tmp -> /var/tmp) with additional options nosuid,nodev,...
> (while /var or / is mounted suid,dev,...)?

I don't think bind mounts can change the effective permissions.  If I 
mount -o bind,nodev /dev /mnt, mount shows the "nodev" option, 
but /proc/mounts doesn't and devices like /mnt/null and /mnt/zero work as 

That said, you probably count mkdir /home/var with the right permissions 
and then mount -o bind /home/var /var/tmp to get what you are after.

In any case, dpkg installed suid binaries do get scrubbed after they aren't 
in use, so you only have to worry about suid binaries you've created 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss@iguanasuicide.net                     ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.net/                      \_/     

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: