Blackhole

Tobias Speckbacher TSpeckbacher at quova.com
Mon Apr 11 20:37:14 UTC 2005


> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Ed Wilts
> Sent: Monday, April 11, 2005 1:28 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Blackhole
> 
> On Mon, Apr 11, 2005 at 01:19:51PM -0700, Justin Zygmont wrote:
> > You may not have to reinstall the whole system, /tmp is likely the
only
> > directory that was writable through an exploit.
> 
> /var/tmp is also world writable.
> 
> Any time you do not trust what's on your system, you should seriously
> consider doing a re-install.  Sure, you may get away with not having
to
> do one, but what if you guess wrong and your customer data is
> compromised?

I will have to 2nd that.
But rolling back 200 customers sites is going to result in a lot of PO'd
customers from my experience (although it is in their interest).

Mounting /tmp with noexec and nosuid might be a good idea going forward
as well.  Expand that to other filesystems as you see fit.

-Tobias

> 
> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts at ewilts.org
> Member #1, Red Hat Community Ambassador Program
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list




More information about the redhat-list mailing list