> On Sun, Jul 13, 2003 at 11:55:45PM -0400, Matt Zimmerman wrote: > > If the user can read files in /tmp, they can execute the > code in them. > > even if the user is a "nobody" that owns no files or > directories and grsecurity, selinux or the like prevents > him/her to execute directly code from world writeable directories? > > (I do not know, so I ask)
Grsecurity has a "trusted path execution" option. Paste from config help : CONFIG_GRKERNSEC_TPE: If you say Y here, you will be able to choose a gid to add to the supplementary groups of users you want to mark as "untrusted." These users will not be able to execute any files that are not in root-owned directories writeable only by root. If the sysctl option is enabled, a sysctl option with name "tpe" is created. Vincent
