Thanks for the confirmation, all... as I suspected, securing executables (err, scripts) in the /tmp directory is non-trivial. However, I wonder if something like this would work:
1) Move the main Perl executable from /usr/bin/perl to, say, /usr/bin/perl-real.

2) Create a new file /usr/bin/perl that's a shell script:

    #!/bin/bash
    # Run the real Perl only if the arguments don't start with /tmp
    # and the current directory isn't under /tmp.
    if [ -z "`echo $@ | grep ^/tmp`" ] && [ -z "`echo $PWD | grep ^/tmp`" ]; then
        /usr/bin/perl-real "$@"
    fi

Basically this just takes the arguments to "perl blah blah" and checks whether the first one begins with "/tmp", then also checks whether /tmp is the current directory. It would prevent things like

    perl /tmp/my-evil-script.pl

and

    cd /tmp ; perl my-evil-script.pl

Although it wouldn't stop

    cat /tmp/my-evil-script.pl | perl

or even

    perl /./tmp/my-evil-script.pl

Of course, the whole intent of these shenanigans is to prevent automated cracks from succeeding. The ones I've seen tend to save a file in /tmp and then just run Perl against it. I think this would stop those guys cold.

Any thoughts? Comments? Am I missing something obvious? (Naturally I'm nervous about doing something like replacing the system Perl command with a hack of a shell script...)

Thanks,
Jeff
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
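An added example, not part of the message above: the string-prefix test from the wrapper next to a check that resolves the script's directory to its physical path before comparing, which is what a wrapper would need in order to treat /./tmp and /tmp as the same place. The function names are hypothetical and the sample paths are constructed.

```shell
#!/bin/bash
# Added illustration; naive_in_tmp, canonical_dir and canonical_in_tmp are
# hypothetical names, not part of any existing tool.

# Physical path of the blocked directory (symlinks resolved).
BLOCKED_DIR=$(cd /tmp && pwd -P)

# The wrapper's test, for a single argument: prefix match on the text as typed.
naive_in_tmp() {
    case "$1" in
        /tmp*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Resolve the directory part of a path by entering it, so "/./tmp",
# "/tmp/../tmp", relative paths and symlinked directories all collapse to
# one physical directory. A symlink that is itself the last path component
# is not followed here.
canonical_dir() {
    local dir
    dir=$(dirname -- "$1")
    (cd -- "$dir" 2>/dev/null && pwd -P)
}

# Returns 0 (blocked) when the script lives under the blocked directory.
canonical_in_tmp() {
    local dir
    dir=$(canonical_dir "$1") || return 0   # unresolvable directory: fail closed
    case "$dir/" in
        "$BLOCKED_DIR"/*) return 0 ;;
        *)                return 1 ;;
    esac
}

# Constructed sample paths, compared under both checks.
for p in /tmp/my-evil-script.pl /./tmp/my-evil-script.pl /etc/hosts; do
    if naive_in_tmp "$p"; then n=blocked; else n=allowed; fi
    if canonical_in_tmp "$p"; then c=blocked; else c=allowed; fi
    printf '%-28s naive=%-8s canonical=%s\n' "$p" "$n" "$c"
done
```

Neither check sees a script that arrives on standard input, since in that case there is no path argument to inspect.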
