* Kurt Seifried wrote on Wed, Aug 16, 2000 at 01:46 -0600:
> - Steffen Dettmer wrote:
> > - Simon Lodal <simonl@mirrormind.com> wrote:
> > > [-- at this indent level --]
> > Take a look at how to run a non-executable file: So the noexec option isn't helping
> This is true, but most scripts/etc assume /tmp can hold executables and execute them without any funkiness like /lib/ld-linux.so.2 /tmp/rewt-shell
Correct, but the question/idea was:
> > > I want to prevent anyone from uploading and running their own binaries. The idea is simply to make sure that all partitions where users have write access will be mounted with the noexec flag.
And "noexec" is no way to prevent anybody from executing their own binaries; they still can.
> Since security is NEVER 100% absolute, and is about risk management, I would say it's still worth doing since it mitigates some risk (many "default" scripts will break).
It wasn't the idea of breaking default scripts, IIRC; the question was whether a system with a noexec-mounted /tmp/ still works without problems. Default scripts still work when invoked as a parameter to the interpreter, i.e. "perl test.pl" (BTW, this is dangerous, too, since perl can make syscalls etc.), since the interpreters are still executable (but not writable, though this doesn't matter here, I think).
> If you do enough of these little fixes you can make life pretty rough on the attacker.
Well, let's say you can make life bad for script-kiddies :) But I think the original poster wanted to prevent the local users from executing binaries. You're right if you say an ordinary user wouldn't know how to work around a noexec fs, normally ;)

oki,

Steffen

-- 
This letter was generated by machine and therefore bears neither signature nor seal.
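
An added example, not part of the original thread: a shell audit of the setup Simon describes, reporting for each user-writable directory which mount covers it and whether that mount carries noexec. The directory list, function name and sample mount table are assumptions constructed for illustration; as the thread notes, a "noexec" result still does not stop code run through an interpreter or the loader.

```sh
#!/bin/sh
# Audit: which user-writable directories sit on a filesystem without noexec?
# Input is text in /proc/mounts format: device mountpoint fstype options 0 0

# Constructed sample mount table (not taken from the thread).
SAMPLE_MOUNTS='/dev/sda1 / ext2 rw 0 0
/dev/sda5 /tmp ext2 rw,nosuid,nodev,noexec 0 0
/dev/sda6 /home ext2 rw,nosuid 0 0
/dev/sda7 /usr ext2 ro 0 0'

# audit_noexec MOUNTS_TEXT DIR...
# Prints one line per DIR: "DIR MOUNTPOINT exec|noexec".
# The covering mount is the longest mount point that is a path prefix of DIR,
# so a directory without its own partition inherits the options of its parent.
audit_noexec() {
    mounts=$1
    shift
    for dir in "$@"; do
        printf '%s\n' "$mounts" | awk -v dir="$dir" '
            {
                mp = $2
                # A mount covers dir if it is the root, dir itself, or a parent path.
                covers = (mp == "/" || dir == mp || index(dir, mp "/") == 1)
                # ">=" lets a later mount on the same point shadow an earlier one.
                if (covers && length(mp) >= length(best)) { best = mp; opts = $4 }
            }
            END {
                # Match noexec as a whole option, not as a substring.
                state = (("," opts ",") ~ /,noexec,/) ? "noexec" : "exec"
                print dir, best, state
            }'
    done
}

# Run against the constructed sample. On a live system, pass the real table:
#   audit_noexec "$(cat /proc/mounts)" /tmp /var/tmp /home
audit_noexec "$SAMPLE_MOUNTS" /tmp /var/tmp /home/alice
```

In the sample, /var/tmp has no partition of its own and falls back to the root filesystem, so it is reported as exec even though /tmp is noexec.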