LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   how to prevent executing script in /tmp ? (https://www.linuxquestions.org/questions/linux-security-4/how-to-prevent-executing-script-in-tmp-649023/)

montyleesam 06-13-2008 05:52 AM
how to prevent executing script in /tmp ?
 
Hello all.

As you know, many attackers using /tmp for uploading exploit code.
and execute like below.

/usr/bin/perl /tmp/exploit.cgi or
/bin/sh /tmp/exploit.sh

so, even though I setup noexec at /tmp in /etc/fstab, attacker can avoid this config.

So is there any solution or method to prevent or monitoring using /tmp?



Thanks in advance.

datopdog 06-13-2008 06:29 AM
You could write selinux policy to prevent script execution in /tmp

Randux 06-13-2008 06:42 AM
Why doesn't noexec work? If you're that worried, run a minimal chrooted system.

win32sux 06-13-2008 07:16 AM
Quote:
Originally Posted by Randux (Post 3183528)
Why doesn't noexec work?
Because you don't need to execute the script. You can execute the interpreter (which will be on a non-noexec partition) and tell it which file to load the commands from, as shown in the OP's examples.

unSpawn 06-13-2008 05:49 PM
Quote:
Originally Posted by datopdog (Post 3183520)
You could write selinux policy to prevent script execution in /tmp
Could you post the steps to do that please?

Randux 06-15-2008 08:15 AM
Quote:
Originally Posted by win32sux (Post 3183560)
Because you don't need to execute the script. You can execute the interpreter (which will be on a non-noexec partition) and tell it which file to load the commands from, as shown in the OP's examples.
That sounds bad!


All times are GMT -5. The time now is 09:14 PM.