----- Original Message -----
From: "Luc de Louw" <l...@delouw.ch>
To: spacewalk-devel@redhat.com
Sent: Tuesday, May 31, 2011 9:31:03 AM
Subject: Re: [Spacewalk-devel] Remote commands temporary file location

> Hi,
>
> Unfortunately the noexec mount option does not help that much to prevent
> executing scripts. It only prevents executing stuff directly:
>
> # /tmp/script.sh
> -bash: /tmp/script.sh: Permission denied
>
> # bash /tmp/script.sh
> Hello World
>
> Same works with python, perl etc. As soon as you execute an interpreter
> and pass the actual script as a parameter, it will get executed.

Hi Luc,

I'm aware that setting those flags alone won't give me a good night's sleep,
but it's actually better than nothing. Allowing an attacker to run interpreted
scripts is slightly better than allowing him to run compiled code.

> For the sake of security it would be great to have the scripts written
> to the proposed directory /var/spool/rhn in the future.

I'm working on this, I'll submit the bugzilla and a patch asap.

Cheers.
/Matt
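
Added example, not part of the original message or of Spacewalk's code: a Python check of which mount flags apply to the directory that scripts are written to, run here over a constructed /proc/mounts sample. The function names are assumptions of this example; as the thread notes, a present noexec flag only stops direct execution, not `bash /tmp/script.sh`.

```python
import posixpath
import re

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext4 rw,nodev 0 0
/dev/sdb1 /mnt/my\\040disk ext4 rw,noexec 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mount_options(path, mounts_text):
    """Return (mount_point, options) for the filesystem holding path, or None."""
    path = posixpath.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mnt = posixpath.normpath(_unescape(parts[1]))
        # Match on whole path components so /tmpfoo is not attributed to /tmp.
        covers = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # ">=" lets a later mount stacked on the same point shadow the earlier one.
        if covers and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, set(parts[3].split(",")))
    return best

def audit(path, mounts_text):
    """Report which hardening flags are absent on the mount that holds path."""
    found = mount_options(path, mounts_text)
    if found is None:
        raise ValueError("no mount entry covers " + path)
    mnt, opts = found
    missing = [o for o in ("noexec", "nosuid", "nodev") if o not in opts]
    return {"mount_point": mnt, "missing": missing}

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        live = fh.read()
    for d in ("/tmp", "/var/spool/rhn"):
        # realpath first: a symlinked directory lives on its target's mount.
        print(d, audit(posixpath.realpath(d), live))
```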