how to securing /tmp , /var/tmp and /dev/shm
 

as above topic..

based on my knowledge, i know this 3 dir is 777 permission. that will be dangerous for a live server.

if someone gain local user access. he can execute something at here and gain the root access.

do u guy have any experience on securing these directories ??


thanks

Some people advocate mounting /tmp on a separate partition with the noexec and nosuid options. Theoretically, one might be able to construct a case where this might lead to problems with badly written software, but in real life, this should work out fine.

See, for example, the article at http://www.sagonet.com/vbulletin/showthread.php?t=2852.

thanks alot :P
i will do it later :P

If you have a lot of RAM there is also tmpfs, to be used in combination with juergen's noexec and nosuid options during mount via /etc/fstab.

Also note that if you use badly configured or vulnerable Perl or PHP-based apps / serving daemon / kernel, using mount flags is nice but *NOT* sufficient at all.

ya i know that..

now i setup my system with single / and swap.
when i added the /tmp in the fstab and it is not working after reboot.

is it i have to make the /tmp as a single partition during installation?

thanks

...right. Then you also already know using a single / and swap is not a way to set up a server.

that caused me a lot of painful. but no pain no gain.

at least i gain something.