On Wed, 2005-07-13 at 14:16 -0500, Mike McCarty wrote:
> Paul Howarth wrote:
> >
> ><snip>
> >
> >My point was that there's no way of knowing what undiscovered
> >vulnerabilities there are on your system, so having multiple layers of
> >defences such as firewalls, mounting /var and /tmp partitions with
> >noexec, selinux etc. all help to mitigate the risk.
> >
>
> Ah, an answer. I'm perhaps vulnerable to something being put into
> /var or /tmp (/tmp world writable) and then being executed from there.
>
> Now that's useful information. So, I possibly should remove '..x..x..x' from
> /tmp? That's an idea. BTW, on my system, /tmp is not a separate volume.
>

Whoa, Mike. Do not change the permissions on /tmp as you seem to be implying. Lots o' things will break if you change /tmp from its normal 1777 permissions (drwxrwxrwt). Remember that "x" on a directory has nothing to do with executing something really but rather is allowing someone to "cd" into that directory....

What the earlier suggestion was getting at for you was to modify the "mount options" for your separate /tmp filesystem (presuming you have a separate filesystem for /tmp). You would edit /etc/fstab and find the line relating to /tmp and change the fourth column to include "noexec" and/or perhaps "nosuid". Of course, some applications may presume an ability to "exec" a file in /tmp and some applications may rely on that file having the "SUID" bit set, so doing this could break something, YMMV.....

The goal in "hardening" a Linux box is always to try to figure out the different ways that someone may try to inject code to execute on your machine to grant them a) access, b) privilege, c) your data, or d) your cycles.....

Best bet for you is probably to do some google'ing or pick up an O'Reilly book or two on Security to assess some of the more common exploitable areas. Look for topics on "hardening Linux". That will keep you busy for quite some time.... :-)

Good luck,

--Rob
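The fstab edit Rob describes, as an added example that is not part of the thread: a POSIX sh script that reads a constructed /etc/fstab sample (not from any real system), reports the fourth-column options of a mount point, and produces a copy of the entry with noexec, nosuid and nodev added. It only rewrites text it is given; applying the result to a live /etc/fstab is left to the administrator, who should check first that nothing on the box needs to exec or run SUID files from /tmp.

```shell
#!/bin/sh
# Constructed sample fstab content (not from any real system).
SAMPLE_FSTAB='/dev/sda1   /        ext3   defaults   1 1
/dev/sda3   /tmp     ext3   defaults   1 2
/dev/sda4   /var     ext3   defaults   1 2
tmpfs       /dev/shm tmpfs  defaults   0 0'

# Print the mount options (4th column) of the fstab line for a mount point.
# $1 = fstab text, $2 = mount point.
fstab_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }'
}

# Return 0 if the comma-separated list in $1 contains every option in $2..., else 1.
has_opts() {
    list=$1; shift
    for want in "$@"; do
        case ",$list," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print an options field with the hardening options appended where missing.
harden_opts() {
    opts=$1
    for add in noexec nosuid nodev; do
        has_opts "$opts" "$add" || opts="$opts,$add"
    done
    printf '%s\n' "$opts"
}

# Print the fstab text with the hardening options added to one mount point's entry.
# $1 = fstab text, $2 = mount point. Other entries are passed through unchanged.
harden_fstab() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            split("", seen)
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) seen[o[i]] = 1
            split("noexec nosuid nodev", want, " ")
            for (i = 1; i <= 3; i++) if (!(want[i] in seen)) $4 = $4 "," want[i]
        }
        { print }'
}
```

Running `harden_fstab "$(cat /etc/fstab)" /tmp` prints the proposed file without touching it; diff that against the real one before copying it into place.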