On 2006-01-24 08:46:24 +1000, Michael Mansour wrote: > > More generally, I read advice somewhere that mounting /tmp with the > > "noexec" option (and making any other temp directories symbolic > > links to that one) can make this type of attack much more difficult.
This doesn't really prevent execution of programs on /tmp, it just makes
it more difficult. It is useful against worms which don't expect /tmp to
be mounted noexec, though. (In other words: It works as long as only a
few people use this trick)
> Definately noted as one of the measures to stop this type of attack, but for
> this particular server, /tmp is not a mounted filesystem but part of /, so I
> can't really do that without re-partitioning the disk and creating a dedicated
> /tmp.
You could put /tmp on a tmpfs:
/etc/fstab:
none /tmp tmpfs noexec 0 0
hp
--
_ | Peter J. Holzer | If I wanted to be "academically correct",
|_|_) | Sysadmin WSR | I'd be programming in Java.
| | | [EMAIL PROTECTED] | I don't, and I'm not.
__/ | http://www.hjp.at/ | -- Jesse Erlbaum on dbi-users
pgpablwhfuGVZ.pgp
Description: PGP signature
-- fedora-legacy-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-legacy-list
