slapper worm
Michael Mansour
mic at npgx.com.au
Tue Jan 24 12:13:26 UTC 2006
Hi Peter,
> On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
> > > More generally, I read advice somewhere that mounting /tmp with the
> > > "noexec" option (and making any other temp directories symbolic
> > > links to that one) can make this type of attack much more difficult.
>
> This doesn't really prevent execution of programs on /tmp, it just makes
> it more difficult. It is useful against worms which don't expect
> /tmp to be mounted noexec, though. (In other words: It works as long
> as only a few people use this trick)
>
> > Definitely noted as one of the measures to stop this type of attack, but for
> > this particular server, /tmp is not a mounted filesystem but part of /, so I
> > can't really do that without re-partitioning the disk and creating a dedicated
> > /tmp.
>
> You could put /tmp on a tmpfs:
>
> /etc/fstab:
> none /tmp tmpfs noexec 0 0
That's actually a very good idea, I forgot about that. But I thought it was
more like:
/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0
i.e. I'd have to use the /dev/shm device instead of "none" ?
Actually, I forgot whether the tmpfs automatically adds the sticky bit on
/tmp, or would I need to change the mode to "1777" ?
Michael.
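An added check for fstab lines like the two quoted in this message (it is not code from the thread or from Fedora Legacy). For tmpfs the first field is ignored by the kernel, so "none", "tmpfs" or "/dev/shm" all mount the same thing; what matters is the option list, and in particular that the mode keeps the sticky bit (1777), since mode=777 would let any local user delete other users' files in /tmp. The sample lines and the hardened variant are constructed for this example, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): lint fstab-style lines for a
# tmpfs-backed /tmp. The six-field layout is
#   fs_spec fs_file fs_vfstype fs_mntops fs_freq fs_passno

# Constructed sample lines. The first two are the lines quoted in the
# thread; the third is a hardened variant written for this example.
FSTAB_PETER='none /tmp tmpfs noexec 0 0'
FSTAB_MICHAEL='/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0'
FSTAB_HARDENED='tmpfs /tmp tmpfs noexec,nosuid,nodev,size=512M,mode=1777 0 0'

# has_opt OPTS NAME: true if NAME appears as a whole option in the
# comma-separated OPTS (so "nodev" does not match inside "mode=...").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# opt_value OPTS NAME: print the value of NAME=value, or an empty line.
opt_value() {
    case ",$1," in
        *",$2="*) v=",$1,"; v=${v##*",$2="}; printf '%s\n' "${v%%,*}" ;;
        *)        printf '\n' ;;
    esac
}

# tmp_fstab_problems LINE: print a comma-separated list of findings for a
# /tmp mount line, or "ok". Always exits 0 so it is safe under `set -e`.
tmp_fstab_problems() {
    set -- $1                        # word-split into the six fields
    mnt=$2; fstype=$3; opts=$4       # fs_spec ($1) is ignored by tmpfs
    problems=""
    [ "$fstype" = tmpfs ] || problems="${problems}not-tmpfs,"
    [ "$mnt" = /tmp ]     || problems="${problems}wrong-mountpoint,"
    for want in noexec nosuid nodev; do
        has_opt "$opts" "$want" || problems="${problems}missing-$want,"
    done
    # Without size= a tmpfs may grow to half of RAM: a local DoS lever.
    [ -n "$(opt_value "$opts" size)" ] || problems="${problems}size-unspecified,"
    # /tmp needs the sticky bit (1777) so users cannot remove each other's
    # files; mode=777 drops it. tmpfs defaults to 1777, but stating it
    # explicitly keeps the intent visible in fstab.
    mode=$(opt_value "$opts" mode)
    case $mode in
        "")   problems="${problems}mode-unspecified," ;;
        1777) ;;
        *)    problems="${problems}mode=$mode-not-1777," ;;
    esac
    problems=${problems%,}
    printf '%s\n' "${problems:-ok}"
}

# check_tmp_fstab LINE: exit 0 only when the line passes every check.
check_tmp_fstab() {
    [ "$(tmp_fstab_problems "$1")" = ok ]
}

for line in "$FSTAB_PETER" "$FSTAB_MICHAEL" "$FSTAB_HARDENED"; do
    printf '%-60s -> %s\n' "$line" "$(tmp_fstab_problems "$line")"
done
```

To verify the live mount rather than the fstab entry, `findmnt -no OPTIONS /tmp` lists the options actually in effect and `stat -c %a /tmp` should print 1777.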