
Re: Partition mount options (was Re: apg-get: "Can't exec "/var...)



on Tue, Nov 28, 2000 at 04:42:22AM -0900, Ethan Benson (erbenson@alaska.net) wrote:
> On Mon, Nov 27, 2000 at 12:57:53PM -0800, kmself@ix.netcom.com wrote:
> > 
> > I suspect this isn't something Debian can fix and make go away.
> 
> it would be non-trivial and wouldn't create much benefit.

That's a pretty good translation of what I said into standard English
<g>.

> > Following discussion here a few weeks ago, I tweaked several of my
> > partition mount options, specifically disallowing suid, dev, and exec
> > privileges on a number of partitions.  I suspect 'noexec' is going to be
> > a bit problematic in a number of places.  I've since changed /var to
> > allow 'exec' privileges. 
> 
> nosuid,nodev are really the more important ones IMO.  noexec is really
> quite weak since you can execute binaries and shell scripts on noexec
> mounted filesystems anyway:
> 
> [eb@socrates /tmp]$ cp /bin/date .
> [eb@socrates /tmp]$ ls -l ./date
> -rwxr-xr-x    1 eb       eb          30384 Nov 28 04:32 ./date
> [eb@socrates /tmp]$ file date
> date: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1,
> dynamically linked (uses shared libs), stripped
> [eb@socrates /tmp]$ mount | grep " /tmp"
> /dev/hda10 on /tmp type ext2 (rw,noexec,nosuid,nodev,usrquota,grpquota)
> [eb@socrates /tmp]$ ./date
> bash: ./date: Permission denied
> [eb@socrates /tmp]$ /lib/ld-2.1.3.so ./date
> Tue Nov 28 04:32:41 AKST 2000

Cute.  Now I want to know why....

> > 
> >   # <fs>   <mountpt>  <type> <options>		<dump> <pass>
> >   /dev/hda3  /		ext2 defaults,errors=remount-ro   		0 1
> > 
> >   /dev/sdb5  /tmp 	ext2 defaults,nosuid,noexec,nodev 		0 2
> 
> noexec will cause you problems here too, some programs create
> temporary shell scripts in /tmp and execute them.  

Including some of my own scripts <g>

> >   /dev/sdb6  /var 	ext2 defaults,nosuid,nodev			0 2
> >   /dev/hda5  /var/spool/news ext2 defaults,nosuid,noexec,nodev 		0 2
> >   /dev/sda5  /usr 	ext2 defaults,ro,nodev 				0 2
> >   /dev/sdb7  /usr/local ext2 defaults,ro,nosuid,nodev 			0 2
> >   /dev/sda7  /home 	ext2 defaults,nosuid,nodev			0 2
> 
> these should be fine, though if you allow exec on /home why bother
> with noexec on other user writable filesystems?  
> 
> >   /dev/hdc   /mnt/cdrom iso9660 noauto,user,ro,nodev,nosuid		2 2
> >   /dev/fd0   /mnt/floppy auto noauto,gid=disk,umask=007,rw,user 	2 2
> > 
> > Note that 'user' implies noexec, nosuid, and nodev.
> > 
> > Thoughts, anyone?
> 
> IMO trying to prevent users from running arbitrary binaries is futile,
> it's better to use nosuid,nodev to improve security a bit (though in
> theory you need root to create a device file or create a suid binary
> in which case you can remount exec,suid but I suppose there might be
> some odd exploits where a device or suid binary could be created but
> not a direct root shell) 

It's less authorized users and more exploits which might dump an
executable to some arbitrary location and try to run it.  If that
location isn't executable....   In general, I'm dealing with single-user
systems with some network services.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org
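As an added example (not code from the thread), a small POSIX shell audit of an fstab that reports every non-root filesystem lacking nosuid or nodev, which is what the advice above boils down to; it honours the point that 'user' implies noexec,nosuid,nodev and that mount(8) applies options left to right, so a later exec/suid/dev undoes them. The fstab lines are constructed for the example, not the poster's real ones.

```shell
#!/bin/sh
# Constructed sample fstab (hypothetical, modelled on the one in the thread).
FSTAB_SAMPLE='# <fs>     <mountpt>   <type>  <options>                      <dump> <pass>
/dev/hda3  /           ext2    defaults,errors=remount-ro        0 1
/dev/sdb5  /tmp        ext2    defaults,nosuid,noexec,nodev      0 2
/dev/sdb6  /var        ext2    defaults,nosuid,nodev             0 2
/dev/sda7  /home       ext2    defaults                          0 2
/dev/sdb8  /srv        ext2    defaults,user,suid                0 2
/dev/hdc   /mnt/cdrom  iso9660 noauto,user,ro                    2 2
/dev/fd0   /mnt/floppy auto    noauto,gid=disk,umask=007,rw,user 2 2'

# mount_flags OPTS: print "NOEXEC NOSUID NODEV" as 0/1 for a comma-separated
# option string. Options apply left to right, so "user" (implies
# noexec,nosuid,nodev) can be undone by a later exec/suid/dev.
# "defaults" is treated as a no-op here (it is conventionally listed first).
mount_flags() (
    noexec=0 nosuid=0 nodev=0
    IFS=,
    for o in $1; do
        case "$o" in
            user|users) noexec=1 nosuid=1 nodev=1 ;;
            noexec) noexec=1 ;; exec) noexec=0 ;;
            nosuid) nosuid=1 ;; suid) nosuid=0 ;;
            nodev)  nodev=1 ;;  dev)  nodev=0 ;;
        esac
    done
    echo "$noexec $nosuid $nodev"
)

# audit_fstab (fstab on stdin): print "MOUNTPOINT missing:OPT[,OPT]" for each
# non-root filesystem lacking nosuid or nodev; returns 1 if any are reported.
# noexec is deliberately not required, for the reasons given in the thread.
audit_fstab() {
    rc=0
    while read -r fs mnt fstype opts dump pass; do
        case "$fs" in ''|'#'*) continue ;; esac
        [ "$mnt" = / ] && continue
        set -- $(mount_flags "$opts")
        missing=
        [ "$2" = 1 ] || missing="${missing}nosuid,"
        [ "$3" = 1 ] || missing="${missing}nodev,"
        if [ -n "$missing" ]; then
            echo "$mnt missing:${missing%,}"
            rc=1
        fi
    done
    return $rc
}

printf '%s\n' "$FSTAB_SAMPLE" | audit_fstab || true
```

Run against the real file with `audit_fstab < /etc/fstab`; the sample above reports /home (no nosuid, no nodev) and /srv (suid re-enabled after user).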
