On Friday 17 February 2006 07:33, Alexander Skwar wrote: > Hemmann, Volker Armin wrote: > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote: > >> Hemmann, Volker Armin wrote: > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote: > >> >> Hemmann, Volker Armin wrote: > >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote: > >> >> >> Hemmann, Volker Armin wrote: > >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote: > >> >> >> >> Izar Ilun wrote: > >> >> > > >> >> > Why should he make /tmp noexec, > >> >> > >> >> Security precaution. > >> > > >> > if you have 10+ users with access to the box. But a workstation, > >> > without even sshd running, it is not needed. > >> > >> "needed" - What's "needed", anyway? > >> > >> > And hey, why should /tmp noexec save you from anything? > >> > >> Because it does. > > > > so? how? > > Think, you might find out. What does noexec do, hm? > > Even *you* might find out... > > Well... If I think about it... No, you're too clueless > to find out. > > Hint 1: "noexec" nowadays makes it impossible to execute > programs stored on that filesystem.
I know, but it won't save you from anything. After a user got in, he is a user. And every user has a place with write permission (if he is user apache/httpd he has lots of places, where he can store code). Outside of /tmp. You see - it doesn't help you anything. > Hint 2: /tmp (and /var/tmp) are (hopefully) the only places > where everybody can write. an attacker does not need a place, where everybody can write. He just needs SOME place, where he can write - like the home-directory of the user he just corrumpted. Also, he can disrupt your system, by just filling up /tmp. No code needed for that. > > >> > If someone is able to break into your box, he can build his tools in > >> > /home or /var/tmp or somewhere else. No need for /tmp. > >> > >> Wrong again. If tmp is the only place somebody can write, then > >> it might save you (and it DID save my ass more than once now). > > > > since /tmp is not the only place where someone can write (/var/tmp > > anyone?) > > True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp > could also easily be a seperate fs. and another partition ..,. > > > it > > won't help you much. > > That's of course wrong again. > > >> >> Ah. Please explain how you mount /tmp noexec and /usr > >> >> readonly. > >> > > >> > I don't because it is wasted effort. > >> > >> Of course it's not. > > > > yes it is. > > Jaja. Just because you've got problems, it doesn't mean > that there ARE problems. it is wasted: if he has so many rights, that he could write to /usr, he has enough rights to remount it. and /tmp is not needed, as soon as you have breaken into the box. Plus, a full /tmp and /var will disrupt services and make reboot (almost) impossible. So, noexec and ro /usr will save you from nothing. > No, it's not. Write permissions don't mean, that somebody is root. in my /usr, yes it does. ;) > > > > yes really, you have to remount /usr everytime you update something. > > Jaja. You know, your exaggerations become boring... because it is true? show me, how do you update something residing in /usr without remounting. > > > a) /tmp is cleaned during boot - so this won't happen anyway. /tmp ios cleaned so late, that it is too late, is both are totally full. > b) Don't let it happen in the first place. you can not tell an attacker what not to do. > c) Boot a rescue system like Knoppix and clean /tmp. yeah! but why boot from a boot-cd, if you don't have to? (hint: /tmp not on its own, small partition) > > d) In reality, I NEVER had it happen that /tmp or /var/tmp > ran out of space. What happened "more often" is that /var > ran out of space, because of the logs in /var/log. you have never used gimp, did you? I have seen gimp filling up a 5GB /tmp. > > >> >> I see. Strange thing is, that about every server and workstation > >> >> I've seen more or less contradicts what you say. > >> > > >> > if you have 20+ users on each of them, and every single one is a > >> > little cracker in disguisse, it may make sense, but for a single user > >> > box? > >> > >> Why are you asking? > > > > because you are the one starting with 'server' and 'workstations' > > Correct. So what? Why are you asking? > > > and the OP > > never talked about one or the other. > > His system MUST be the one or the other. nope, there is a third category: personal computer (also called home computer). > > >> > If every partition takes a second, it will be very noticable. > >> > >> Hardly. (Notice that I'm not saying "No".) > > > > if mounting becomes the major 'hold up' in your booting process, it > > becomes VERY noticable. > > Jaja. Do you actually expect to be taken seriously? not from you. From thois mailing list I learnt, that if someone is not on your side, the person is wrong. > > > I have been there, > > I doubt that. Why should I lie? I had 3 ibm harddisks 1x10Gb,2x40gb one seagate 20gb and all and everything on its own partition. And it was hell after a while. > > More harddisks=bigger chance that one of them dies. > > True. So? What does this have to do with the fact, that the > available hd's are too small? Just as a reminder - that's > the scenario YOU are talking about. becuase you started with 'buy more harddisks' > >> > It is simple math. > >> > >> *LOL* _You_ should not talk about maths :) > > > > you obviously don't understand simple statistics. > > Seems like. But maybe it's just, that I've got problems > following your nonsense, hm? you mean your nonesense? Yep, it is hard to deal with you. I snipped the rest: TL:DR -- gentoo-user@gentoo.org mailing list
