On 2006-01-24 22:13:26 +1000, Michael Mansour wrote:
> Hi Peter,
>
> > On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
> > > Definitely noted as one of the measures to stop this type of attack, but for
> > > this particular server, /tmp is not a mounted filesystem but part of /, so I
> > > can't really do that without re-partitioning the disk and creating a dedicated
> > > /tmp.
> >
> > You could put /tmp on a tmpfs:
> >
> > /etc/fstab:
> > none /tmp tmpfs noexec 0 0
>
> That's actually a very good idea, I forgot about that. But I thought it was
> more like:
>
> /dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0
>
> ie. I'd have to use the /dev/shm device instead of "none" ?

The device is ignored for filesystems which don't really use any device
(like proc, sys, tmpfs, etc.). It might be a good idea to use a more
descriptive string than "none", though.

> Actually, I forgot whether the tmpfs automatically adds the sticky bit on
> /tmp, or would I need to change the mode to "1777" ?

The default mode is 1777. If you explicitly set the mode to 777, the
sticky bit isn't set.

hp
--
_ | Peter J. Holzer | If I wanted to be "academically correct",
|_|_) | Sysadmin WSR | I'd be programming in Java.
| | | [EMAIL PROTECTED] | I don't, and I'm not.
__/ | http://www.hjp.at/ | -- Jesse Erlbaum on dbi-users
-- fedora-legacy-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-legacy-list
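
Added example, not part of the original messages: a POSIX shell check for the two points made in the reply above, that noexec is present on the /tmp entry and that an explicit mode= keeps the sticky bit. The function name audit_tmp and the third sample line are assumptions made for illustration; the first two sample lines are the fstab entries quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. audit_tmp reads fstab-format lines on
# stdin, prints one finding per check on the /tmp entry, returns 1 on any FAIL.
audit_tmp() {
    found=0 fails=0
    while read -r dev mp fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac      # blank line or comment
        [ "$mp" = /tmp ] || continue
        found=1
        # The device field ($dev) is not checked: tmpfs ignores it.
        [ "$fstype" = tmpfs ] || echo "NOTE: /tmp is $fstype, not tmpfs"
        noexec=no mode=
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                noexec) noexec=yes ;;
                exec)   noexec=no ;;                # a later "exec" wins
                mode=*) mode=${o#mode=} ;;
            esac
        done
        IFS=$old_ifs
        if [ "$noexec" = yes ]; then echo "OK: noexec set"
        else echo "FAIL: noexec missing"; fails=$((fails + 1)); fi
        case $mode in
            # Default of 1777 is as stated in the reply above.
            '') echo "OK: no mode= option, default 1777 keeps the sticky bit" ;;
            *[!0-7]*) echo "FAIL: mode=$mode is not octal"; fails=$((fails + 1)) ;;
            *)  if [ $(( 0$mode & 01000 )) -ne 0 ]; then
                    echo "OK: mode=$mode has the sticky bit"
                else
                    echo "FAIL: mode=$mode has no sticky bit"; fails=$((fails + 1))
                fi ;;
        esac
    done
    [ "$found" -eq 1 ] || { echo "FAIL: no /tmp entry"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ]
}

# Constructed input: the two fstab lines quoted in the thread, plus a fixed one.
for line in 'none /tmp tmpfs noexec 0 0' \
            '/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0' \
            'tmpfs /tmp tmpfs noexec,size=512M,mode=1777 0 0'; do
    echo "== $line"
    printf '%s\n' "$line" | audit_tmp || true
done
```

To audit a live system, feed it the real file: audit_tmp < /etc/fstab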
