noexec on /tmp but still
Upon installation of this server I set up this line in fstab:
Code:
LABEL=/tmp /tmp ext3 noexec 1 2
Now there was some crap injected into a subdir of /tmp to attack an IRC server. It was put there by the apache user, so it's clearly a vulnerable site that I'm yet to identify. What gets me is how they execute this stuff while the directory is flagged noexec? I even tested putting a simple script in there myself and I certainly get access denied when trying to execute it. Am I missing something? Ta |
/tmp gets a sticky bit, so noexec will not work alone and you may need an extra option like nosuid. Probably you may want to find out if you can use chroot or even better schroot.
Read http://www.linuxtechs.net/securing_tmp_partition. A lot of scripts can be executed without the script being set as executable. In this case you may want to lock down interpreters so outsiders cannot run scripts. |
Right, I assume by this that you mean stop a compiler being used by other users? I thought about that many a time but I'm not sure how to achieve this result without "breaking" things?
Are there any howtos on this? Thx |
@Electro: How would that work? I mean nosuid and noexec are two different things... right?
nosuid would probably prevent files like passwd and other files with permissions of 4755 from being executed at all in /tmp. noexec would, or rather "should", prevent any executables from being executed at all. So for example if while I'm in /tmp I try and do something like ./dos_linux.sh it shouldn't run, or should give me a permission denied like stefaandk said. @Stefaandk: What's the permissions on this attack script which you discovered? Cheers Arvind |
Quote:
Code:
./dos_linux.sh
Code:
sh dos_linux.sh |
Thnx Arvind |
Code:
win32sux@candystore:/tmp$ echo "echo Hello" > test.txt |
Great... that clears things up quite a bit. Just a couple of things though:
1. If I ran this copy of /bin/sh from /tmp (no reason to do this, just asking) the noexec would stop it from executing. Right?
Code:
/tmp/sh test.txt
2. If I have a binary in /tmp which is noexec'd and say /bin/sh, and I call both from within a script in /tmp, the /bin/sh would execute but the other binary on /tmp itself would not execute. Correct? Thnx Arvind |
Cool...Thnx a lot. That cleared up a few concepts.
Cheers Arvind |
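The behaviour the thread settles on (a file on a noexec mount cannot be execve()'d, but an interpreter living on a normal mount will happily read it; a copy of the interpreter placed on the noexec mount is refused again) is shown below as an added example. It is not code from the thread or any of its posters. The /proc/mounts excerpt in SAMPLE_MOUNTS is constructed for the example; the helper names mount_opts_for, has_opt and demo_noexec_bypass are this example's own. The live demo needs root and Linux mount(8); the two checking functions run anywhere.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed /proc/mounts excerpt; pass
# "$(cat /proc/mounts)" as the TABLE argument to check a live system
# (real /proc/mounts escapes spaces in paths as \040, which this does not unescape).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /tmp ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda3 /var/tmp ext3 rw 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# mount_opts_for PATH [TABLE]: print the option list of the deepest mount
# point containing PATH. Mounts nest, so the longest matching prefix wins.
mount_opts_for() {
    _p=$1
    _t=${2:-$SAMPLE_MOUNTS}
    printf '%s\n' "$_t" | awk -v p="$_p" '
        {
            mp = $2; opts = $4
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); bestopts = opts }
            }
        }
        END { print bestopts }'
}

# has_opt PATH OPTION [TABLE]: succeed if the mount holding PATH has OPTION.
has_opt() {
    _o=$(mount_opts_for "$1" "$3")
    case ",$_o," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# demo_noexec_bypass: reproduce the thread's observation on a throwaway
# noexec tmpfs. Needs root for mount(8); does nothing otherwise.
demo_noexec_bypass() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "demo skipped: mount needs root"
        return 0
    fi
    d=$(mktemp -d)
    if ! mount -t tmpfs -o noexec,nosuid,nodev tmpfs "$d"; then
        echo "demo skipped: mount failed"
        rmdir "$d"
        return 0
    fi
    printf '#!/bin/sh\necho hello from %s\n' "$d" > "$d/s.sh"
    chmod 755 "$d/s.sh"
    cp /bin/sh "$d/sh"

    # 1. Direct execution is refused: the kernel rejects execve() on a noexec mount.
    "$d/s.sh" 2>/dev/null && echo "direct exec: ran" || echo "direct exec: denied"
    # 2. Handing the file to an interpreter on an exec mount works: /bin/sh only
    #    open()s and read()s the script, so the mount flag never comes into play.
    sh "$d/s.sh" && echo "sh script: ran (noexec bypassed)"
    # 3. The copied interpreter sits on the noexec mount, so it is refused again,
    #    whether invoked directly or from inside a script.
    "$d/sh" -c 'echo x' 2>/dev/null && echo "copied sh: ran" || echo "copied sh: denied"

    umount "$d"
    rmdir "$d"
}

# Run the live demo only when explicitly asked:  sh noexec_demo.sh demo
if [ "${1:-}" = "demo" ]; then
    demo_noexec_bypass
fi
```

The point for the original poster's situation: mount_opts_for confirms the flag is really on the mount that holds the dropped files, and the demo shows why that flag alone stops only `./dos_linux.sh`, not `sh dos_linux.sh` (or `perl`, `python` and so on), which is what the attacker's script most likely did.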
So, any way to prevent the execution of /bin/sh bad_script.sh in /tmp without breaking anything?
On my system, mysql is the only one that uses /bin/sh to start:
Code:
/bin/sh ./bin/safe_mysqld --user=mysql5
Any ideas on how to secure this shell and others in the system? Some howtos? |