Old 10-10-2007, 10:16 PM   #1
hackintosh
How to secure /tmp, /var/tmp and /dev/shm

As above topic..

Based on my knowledge, I know these 3 dirs have 777 permissions. That will be dangerous for a live server.

If someone gains local user access, he can execute something here and gain root access.

Do you guys have any experience securing these directories?

Thanks
 
Old 10-11-2007, 08:24 AM   #2
juergen
Some people advocate mounting /tmp on a separate partition with the noexec and nosuid options. Theoretically, one might be able to construct a case where this might lead to problems with badly written software, but in real life, this should work out fine.

See, for example, the article at http://www.sagonet.com/vbulletin/showthread.php?t=2852.
 
Old 10-11-2007, 11:26 PM   #3
hackintosh
Quote:
Originally Posted by juergen
Some people advocate mounting /tmp on a separate partition with the noexec and nosuid options. Theoretically, one might be able to construct a case where this might lead to problems with badly written software, but in real life, this should work out fine.

See, for example, the article at http://www.sagonet.com/vbulletin/showthread.php?t=2852.

Thanks a lot :P
I will do it later :P
 
Old 10-12-2007, 06:59 AM   #4
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
If you have a lot of RAM there is also tmpfs, to be used in combination with juergen's noexec and nosuid options during mount via /etc/fstab.
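
The mount-option advice from posts #2 and #4, as an added example that is not part of the original thread: a POSIX shell check that reads a mount table in /proc/mounts format and reports whether /tmp, /var/tmp and /dev/shm are separate mounts carrying noexec and nosuid. The function names, the sample mount table and the tmpfs size are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit /tmp, /var/tmp and /dev/shm for the noexec and nosuid
# mount options. Input is a mount table in /proc/mounts format on stdin.

# check_mount DIR -> prints "ok", "missing:<opts>" or "not-a-mount-point"
check_mount() {
    # Keep the last matching entry: a later mount shadows an earlier one.
    opts=$(awk -v d="$1" '$2 == d { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-a-mount-point"   # directory lives on its parent filesystem
        return 2
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# audit_tmp_dirs -> one "DIR RESULT" line per directory, table on stdin
audit_tmp_dirs() {
    table=$(cat)
    for dir in /tmp /var/tmp /dev/shm; do
        result=$(printf '%s\n' "$table" | check_mount "$dir") || true
        echo "$dir $result"
    done
}

# Constructed sample: single / filesystem, /tmp mounted as tmpfs from an
# assumed fstab line "tmpfs /tmp tmpfs noexec,nosuid,size=512m 0 0",
# /var/tmp left on /, /dev/shm mounted with default options.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,relatime,size=524288k 0 0
EOF
}

# On a live system: audit_tmp_dirs < /proc/mounts
sample_mounts | audit_tmp_dirs
```

A result of "ok" only confirms the mount flags are present; a "not-a-mount-point" result means the directory inherits whatever options its parent filesystem has.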
 
Old 10-13-2007, 04:04 AM   #5
unSpawn
Also note that if you use badly configured or vulnerable Perl or PHP-based apps / serving daemon / kernel, using mount flags is nice but *NOT* sufficient at all.
 
Old 10-16-2007, 08:30 PM   #6
hackintosh
Quote:
Originally Posted by unSpawn
Also note that if you use badly configured or vulnerable Perl or PHP-based apps / serving daemon / kernel, using mount flags is nice but *NOT* sufficient at all.

Ya, I know that..

Now I set up my system with a single / and swap.
When I added /tmp to the fstab, it was not working after reboot.

Is it that I have to make /tmp a single partition during installation?

Thanks
 
Old 10-17-2007, 02:23 PM   #7
unSpawn
Quote:
Originally Posted by hackintosh
now i setup my system with single / and swap.

...right. Then you also already know using a single / and swap is not a way to set up a server.
 
Old 10-17-2007, 11:26 PM   #8
hackintosh
Quote:
Originally Posted by unSpawn
...right. Then you also already know using a single / and swap is not a way to set up a server.

That caused me a lot of pain. But no pain, no gain.

At least I gain something.
 
  

