[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mounting /tmp as executable or not?

On Mon, Dec 05, 2005 at 02:32:16PM -0500, Bernd Prager wrote:
> I was wondering if there's some security or other benefits in mounting
> /tmp with a "noexec" option. Even if scripts there can still be executed
> but - binary programs should not, right? At least something, I thought.
> When I was checking it out, unfortunately some apt-get updates started
> failing, like:
> Preconfiguring packages ...
> Can't exec "/tmp/cvs.config.56471": Permission denied at
> /usr/share/perl/5.8/IPC/Open3.pm line 168.
> open2: exec of /tmp/cvs.config.56471 configure 1:1.12.9-16 failed at
> /usr/share/perl5/Debconf/ConfModule.pm line 44
> cvs failed to preconfigure, with exit status 2
> So now I just think it's wasted energy and tend to reverse that "noexec"
> flag to "standard" again.
> Any suggestions or experiences?
> Thanks,
> -- Bernd

The noexec only prevents files from being executed directly.  You can
always do something like this:

/usr/bin/python <python-script>
/usr/bin/perl <perl-script>
/bin/bash <bash-script>
/lib/ld-linux.so.2 <elf-binary>

Roberto C. Sanchez

Attachment: pgpbexdZw6Yrs.pgp
Description: PGP signature

Reply to: