WARNING:DO NOT UPGRADE TO CORE 4

Robert Locke lists at ralii.com
Wed Jul 13 20:41:49 UTC 2005


On Wed, 2005-07-13 at 14:16 -0500, Mike McCarty wrote:
> Paul Howarth wrote:
> 
> ><snip>
> >
> >My point was that there's no way of knowing what undiscovered
> >vulnerabilities there are on your system, so having multiple layers of
> >defences such as firewalls, mounting /var and /tmp partitions with
> >noexec, selinux etc. all help to mitigate the risk.
> >  
> >
> Ah, an answer. I'm perhaps vulnerable to something being put into
> /var or /tmp (/tmp world writable) and then being executed from there.
> 
> Now that's useful information. So, I possibly should remove '..x..x..x' from
> /tmp? That's an idea. BTW, on my system, /tmp is not a separate volume.
> 

Whoa, Mike.  Do not change the permissions on /tmp as you seem to be
implying.  Lots o' things will break if you change /tmp from its normal
1777 permissions (drwxrwxrwt).  Remember that "x" on a directory has
nothing to do with executing something really but rather is allowing
someone to "cd" into that directory....

What the earlier suggestion was getting at for you was to modify the
"mount options" for your separate /tmp filesystem (presuming you have a
separate filesystem for /tmp).  You would edit /etc/fstab and find the
line relating to /tmp and change the fourth column to include "noexec"
and/or perhaps "nosuid".  Of course, some applications may presume an
ability to "exec" a file in /tmp and some applications may rely on that
file having the "SUID" bit set, so doing this could break something,
YMMV.....

The goal in "hardening" a Linux box is always to try to figure out the
different ways that someone may try to inject code to execute on your
machine to grant them a) access, b) privilege, c) your data, or d) your
cycles.....  Best bet for you is probably to do some google'ing or pick
up an O'Reilly book or two on Security to assess some of the more common
exploitable areas.  Look for topics on "hardening Linux".  That will
keep you busy for quite some time.... :-)

Good luck,

--Rob
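The fstab change Rob describes, as an added example that is not part of the thread: a small POSIX shell script that inspects the fourth (options) column of an fstab-style line for /tmp, reports whether "noexec" and "nosuid" are present, and prints the corrected line. The sample fstab line is constructed for the example; check_mounted_tmp assumes a Linux system where /proc/mounts lists the live mount options in the same column layout.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Works on a constructed fstab-style line so it never touches the real system.

# Constructed sample: a separate /tmp filesystem mounted with plain "defaults".
SAMPLE_FSTAB_LINE='/dev/sda3  /tmp  ext3  defaults  1 2'

# has_opt LINE OPT: return 0 if the fourth column (mount options) contains OPT.
has_opt() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    case ",$opts," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# harden_tmp_line LINE: print LINE with noexec and nosuid added to the options
# column if they are missing (idempotent: already-present options are kept once).
harden_tmp_line() {
    printf '%s\n' "$1" | awk '{
        n = split($4, o, ",")
        have_noexec = 0; have_nosuid = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "noexec") have_noexec = 1
            if (o[i] == "nosuid") have_nosuid = 1
        }
        if (!have_noexec) $4 = $4 ",noexec"
        if (!have_nosuid) $4 = $4 ",nosuid"
        print
    }'
}

# check_mounted_tmp: read the live /tmp entry from /proc/mounts (Linux assumption).
# Returns 0 only if /tmp is a separate mount carrying both noexec and nosuid;
# returns 1 if /tmp is not its own filesystem (as in Mike's case) or lacks either.
check_mounted_tmp() {
    line=$(awk '$2 == "/tmp"' /proc/mounts 2>/dev/null | head -n 1)
    [ -n "$line" ] || return 1
    has_opt "$line" noexec && has_opt "$line" nosuid
}

# Demo on the constructed line; the real /etc/fstab is not modified.
echo "before: $SAMPLE_FSTAB_LINE"
echo "after:  $(harden_tmp_line "$SAMPLE_FSTAB_LINE")"
```

After editing the real /etc/fstab, `mount -o remount /tmp` applies the new options and check_mounted_tmp confirms they took effect.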
