slapper worm
Peter J. Holzer
hjp+fedora-legacy at wsr.ac.at
Tue Jan 24 12:26:33 UTC 2006
On 2006-01-24 22:13:26 +1000, Michael Mansour wrote:
> Hi Peter,
>
> > On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
> > > Definitely noted as one of the measures to stop this type of attack, but for
> > > this particular server, /tmp is not a mounted filesystem but part of /, so I
> > > can't really do that without re-partitioning the disk and creating a dedicated
> > > /tmp.
> >
> > You could put /tmp on a tmpfs:
> >
> > /etc/fstab:
> > none /tmp tmpfs noexec 0 0
>
> That's actually a very good idea, I forgot about that. But I thought it was
> more like:
>
> /dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0
>
> ie. I'd have to use the /dev/shm device instead of "none" ?
The device is ignored for filesystems which don't really use any device
(like proc, sys, tmpfs, etc.). It might be a good idea to use a more
descriptive string than "none", though.
> Actually, I forgot whether the tmpfs automatically adds the sticky bit on
> /tmp, or would I need to change the mode to "1777" ?
The default mode is 1777. If you explicitly set the mode to 777, the
sticky bit isn't set.
hp
--
_ | Peter J. Holzer | If I wanted to be "academically correct",
|_|_) | Sysadmin WSR | I'd be programming in Java.
| | | hjp at wsr.ac.at | I don't, and I'm not.
__/ | http://www.hjp.at/ | -- Jesse Erlbaum on dbi-users
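
Added example, not part of the original message or written by either poster: a small shell check for the two points discussed above, that a tmpfs /tmp entry carries noexec and that an explicit mode= does not drop the sticky bit. The function name check_tmp_entry and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit one /etc/fstab line for a tmpfs-backed /tmp.
# Prints one finding per line.
# Exit status: 0 = clean, 1 = findings, 2 = not a tmpfs /tmp entry.
check_tmp_entry() (
    # The body runs in a subshell, so variables and IFS changes stay local.
    read -r dev mnt fstype opts rest <<EOF
$1
EOF
    if [ "$mnt" != "/tmp" ] || [ "$fstype" != "tmpfs" ]; then
        echo "not a tmpfs /tmp entry"
        exit 2
    fi
    noexec=0
    mode=1777            # tmpfs default when no mode= option is given
    set -f; IFS=,        # split the option field on commas, no globbing
    for opt in $opts; do
        case $opt in
            noexec) noexec=1 ;;
            mode=*) mode=${opt#mode=} ;;
        esac
    done
    rc=0
    if [ "$noexec" -eq 0 ]; then
        echo "noexec missing"; rc=1
    fi
    case $mode in
        ''|*[!0-7]*) echo "mode=$mode is not octal"; exit 1 ;;
    esac
    # World-writable (0002) without the sticky bit (01000) lets any user
    # delete or rename other users' files in /tmp.
    if [ $(( 0$mode & 0002 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
        echo "mode=$mode is world-writable without the sticky bit"; rc=1
    fi
    exit $rc
)

# Constructed sample lines, modelled on the two entries in the thread.
for line in \
    "none /tmp tmpfs noexec 0 0" \
    "/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0" \
    "tmpfs /tmp tmpfs noexec,size=512M,mode=1777 0 0"
do
    printf '%s\n' "$line"
    check_tmp_entry "$line" | sed 's/^/  -> /'
done
```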