LinuxQuestions.org


hackintosh 10-10-2007 10:16 PM

How to secure /tmp, /var/tmp and /dev/shm

As per the topic above.

Based on my knowledge, I know these 3 dirs have 777 permissions. That will be dangerous for a live server.

If someone gains local user access, he can execute something here and gain root access.

Do you guys have any experience securing these directories?


thanks

juergen 10-11-2007 08:24 AM

Some people advocate mounting /tmp on a separate partition with the noexec and nosuid options. Theoretically, one might be able to construct a case where this might lead to problems with badly written software, but in real life, this should work out fine.

See, for example, the article at http://www.sagonet.com/vbulletin/showthread.php?t=2852.

hackintosh 10-11-2007 11:26 PM

Quote:

Originally Posted by juergen (Post 2920788)
Some people advocate mounting /tmp on a separate partition with the noexec and nosuid options. Theoretically, one might be able to construct a case where this might lead to problems with badly written software, but in real life, this should work out fine.

See, for example, the article at http://www.sagonet.com/vbulletin/showthread.php?t=2852.

Thanks a lot :P
I will do it later :P

JZL240I-U 10-12-2007 06:59 AM

If you have a lot of RAM there is also tmpfs, to be used in combination with juergen's noexec and nosuid options during mount via /etc/fstab.
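
Added example, not part of the original thread: a small shell check for the mount flags discussed above. It reads a mount table in /proc/mounts format (the same field order as /etc/fstab) and reports whether /tmp, /var/tmp and /dev/shm are separate mount points carrying noexec and nosuid. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount flags on the world-writable temp directories.
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass

REQUIRED_OPTS="noexec nosuid"

# missing_opts MOUNTS_FILE DIR
# Prints "not-mounted" when DIR is not its own mount point (for example on a
# single / layout, where flags cannot be set for DIR alone), otherwise the
# required options that are absent (comma separated), or "ok".
missing_opts() {
    awk -v dir="$2" -v req="$REQUIRED_OPTS" '
        $2 == dir { found = 1; opts = $4 }   # the last matching entry is the effective one
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(req, want, " ")
            split(opts, have, ",")
            for (i in have) seen[have[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) out = out (out == "" ? "" : ",") want[i]
            print (out == "" ? "ok" : out)
        }' "$1"
}

# audit_tmp_dirs [MOUNTS_FILE]: one line per directory; returns non-zero
# if any of them is not a separate mount or lacks a required option.
audit_tmp_dirs() {
    mounts="${1:-/proc/mounts}"
    rc=0
    for d in /tmp /var/tmp /dev/shm; do
        r=$(missing_opts "$mounts" "$d")
        printf '%-9s %s\n' "$d" "$r"
        [ "$r" = "ok" ] || rc=1
    done
    return $rc
}

# Constructed sample table: tmpfs /tmp with both flags, default /dev/shm,
# and /var/tmp living on the root filesystem.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,size=512m 0 0
EOF
audit_tmp_dirs "$sample" || echo "one or more directories need attention"
```

Calling `audit_tmp_dirs` with no argument checks the running system's /proc/mounts.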

unSpawn 10-13-2007 04:04 AM

Also note that if you use badly configured or vulnerable Perl or PHP-based apps / serving daemon / kernel, using mount flags is nice but *NOT* sufficient at all.

hackintosh 10-16-2007 08:30 PM

Quote:

Originally Posted by unSpawn (Post 2922693)
Also note that if you use badly configured or vulnerable Perl or PHP-based apps / serving daemon / kernel, using mount flags is nice but *NOT* sufficient at all.

Yeah, I know that.

Now I have set up my system with a single / and swap.
When I added /tmp to the fstab, it did not work after reboot.

Do I have to make /tmp a single partition during installation?

thanks

unSpawn 10-17-2007 02:23 PM

Quote:

Originally Posted by hackintosh (Post 2926775)
Now I have set up my system with a single / and swap.

...right. Then you also already know using a single / and swap is not a way to set up a server.

hackintosh 10-17-2007 11:26 PM

Quote:

Originally Posted by unSpawn (Post 2927639)
...right. Then you also already know using a single / and swap is not a way to set up a server.

That caused me a lot of pain. But no pain, no gain.

At least I gained something.


All times are GMT -5.