how to securing /tmp , /var/tmp and /dev/shm
as above topic..
based on my knowledge, i know this 3 dir is 777 permission. that will be dangerous for a live server. if someone gain local user access. he can execute something at here and gain the root access. do u guy have any experience on securing these directories ?? thanks |
Some people advocate mounting /tmp on a separate partition with the noexec and nosuid options. Theoretically, one might be able to construct a case where this might lead to problems with badly written software, but in real life, this should work out fine.
See, for example, the article at http://www.sagonet.com/vbulletin/showthread.php?t=2852. |
Quote:
i will do it later :P |
If you have a lot of RAM there is also tmpfs, to be used in combination with juergen's noexec and nosuid options during mount via /etc/fstab.
|
Also note that if you use badly configured or vulnerable Perl or PHP-based apps / serving daemon / kernel, using mount flags is nice but *NOT* sufficient at all.
|
Quote:
now i setup my system with single / and swap. when i added the /tmp in the fstab and it is not working after reboot. is it i have to make the /tmp as a single partition during installation? thanks |
Quote:
|
Quote:
at least i gain something. |
All times are GMT -5. The time now is 04:17 PM. |