LinuxQuestions.org
Old 12-01-2011, 01:32 AM   #1
agriz
Member
 
Registered: Nov 2011
Posts: 197

How to secure tmp folder?


Hi

I want to secure tmp folder and want to stop any execution there.

Please guide me for that

Thanks

PS: I am getting a lot of 500 and 502 errors here. Please fix it. For every click I am getting it.
 
Old 12-01-2011, 06:29 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

If /tmp is on its own partition, you could add the "noexec,nosuid,nodev" mount options in /etc/fstab. It won't make it impossible for a person to execute files (a clever person can get around it) but can prevent accidental execution.

For example:
Code:
sudo mv /tmp /oldtmp
sudo mkdir /tmp
sudo mount --bind /oldtmp /tmp
sudo mount /tmp -o remount,nosuid,noexec,nodev

> ./ls
bash: ./ls: Permission denied
> /lib64/ld-linux-x86-64.so.2 ./ls
./ls: error while loading shared libraries: ./ls: failed to map segment from shared object: Operation not permitted
Look at the mount manpage. It shows what a --bind mount fstab entry looks like.

On older versions of Linux, /lib/ld-linux.so /tmp/<program> would run the program. This hole has been plugged.

For Debian distributions, installing packages requires files in /tmp to be executable. You need to modify the system to remount /tmp before install and again after.

---
/tmp should just be used for temporary files. Such as modifying a file, and needing to redirect to a temporary file, before replacing the original:
sed 's/john/mike/' file >/tmp/tmpfile
mv /tmp/tmpfile file

You shouldn't be saving things there. Since you want to make /tmp more secure, delete all files in /tmp when you power down. Most distros have a setting to do that. A malicious file will be removed then.

Last edited by jschiwal; 12-01-2011 at 07:06 AM.
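
One way to confirm that the noexec, nosuid and nodev options from the reply above are actually in effect, added here as an example that is not part of the original posts. The function name check_tmp_mount and the SAMPLE_MOUNTS data are assumptions made for illustration; the sample lines are constructed in /proc/self/mounts format.

```shell
#!/bin/sh
# Added example: audit a mount table for the hardening options from the post.
# check_tmp_mount and SAMPLE_MOUNTS are hypothetical names, not from the thread.

# Constructed sample in /proc/self/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda2 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# check_tmp_mount MOUNTPOINT [MOUNTS_FILE]
# Prints "ok" when the mount has noexec, nosuid and nodev, a comma-separated
# list of the missing options otherwise, or "not-a-mountpoint" when the path
# has no entry of its own (it then inherits the parent filesystem's options).
# MOUNTS_FILE defaults to the live table; "-" reads the table from stdin.
check_tmp_mount() {
    mp=$1
    file=${2:-/proc/self/mounts}
    awk -v mp="$mp" '
        # Later mounts stack on top of earlier ones, so keep the last match.
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "not-a-mountpoint"; exit }
            n = split("noexec nosuid nodev", need, " ")
            split(opts, have, ",")
            for (i in have) set[have[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(need[i] in set))
                    out = out (out == "" ? "" : ",") need[i]
            print (out == "" ? "ok" : out)
        }' "$file"
}

# Demo over the constructed sample; drop the pipe and the "-" argument
# to audit the running system instead.
for mp in /tmp /var/tmp /dev/shm; do
    result=$(printf '%s\n' "$SAMPLE_MOUNTS" | check_tmp_mount "$mp" -)
    printf '%s: %s\n' "$mp" "$result"
done
```

A "not-a-mountpoint" result for /tmp means the options in /etc/fstab cannot apply to it until it gets its own partition or a bind mount as shown in the reply.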