slapper worm
Peter J. Holzer
hjp+fedora-legacy at wsr.ac.at
Tue Jan 24 11:00:12 UTC 2006
On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
> > More generally, I read advice somewhere that mounting /tmp with the
> > "noexec" option (and making any other temp directories symbolic
> > links to that one) can make this type of attack much more difficult.
This doesn't really prevent execution of programs on /tmp, it just makes
it more difficult. It is useful against worms which don't expect /tmp to
be mounted noexec, though. (In other words: It works as long as only a
few people use this trick)
> Definately noted as one of the measures to stop this type of attack, but for
> this particular server, /tmp is not a mounted filesystem but part of /, so I
> can't really do that without re-partitioning the disk and creating a dedicated
> /tmp.
You could put /tmp on a tmpfs:
/etc/fstab:
none /tmp tmpfs noexec 0 0
hp
--
_ | Peter J. Holzer | If I wanted to be "academically correct",
|_|_) | Sysadmin WSR | I'd be programming in Java.
| | | hjp at wsr.ac.at | I don't, and I'm not.
__/ | http://www.hjp.at/ | -- Jesse Erlbaum on dbi-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 388 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060124/e4bc151d/attachment.sig>
More information about the fedora-legacy-list
mailing list