Mailinglist Archive: opensuse-security (670 mails)
Re: [suse-security] Is this true?
- From: Steffen Dettmer <steffen@xxxxxxx>
- Date: Wed, 28 Nov 2001 12:13:18 +0100
- Message-id: <20011128121318.D3248@xxxxxxxxx>
* Praise wrote on Tue, Nov 27, 2001 at 17:16 +0100:
> I have my tmp directory on my / filesystem. Obviously executables are allowed
> for this filesystem.
> A friend of mine, though, claims that this can be a security problem because
> it helps attackers to run local exploits.
For some script kiddies that may be true. But usually it's easy
to run a tool from the home as well.
> From my point of view, it can do no
> more harm than an executable from a user's home directory.
I think it's really the same.
> Is /tmp a danger if it can contain executables??
> Note: I have to allow executables from users' home dir.
If a user has no write permissions to any executable partitions,
this would help a little, but even then you can start every
binary with the dyna linker ld-linux*, so it makes it not much
harder to run a binary on such a partition. If the users have
to be allowed to execute their own binaries somewhere, it is
completely equal whether they crack via /tmp or their ~home.
oki,
Steffen
--
This letter was generated by machine,
it therefore bears neither signature nor seal.
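
Added example, not part of the original message: the question turns on /tmp living on the / filesystem, so /tmp inherits that mount's options. This Python sketch parses /proc/mounts-style text, finds the mount that governs a path, and reports whether it carries noexec; the sample mount table and all function names are constructed for illustration.

```python
import os
import re

# Constructed sample in /proc/mounts format (not taken from the post).
# /tmp has no entry of its own, so it is governed by the / mount.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /mnt/my\\040disk ext4 rw,noexec 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes space, tab, newline and backslash as octal escapes.
        mount_point = re.sub(r"\\([0-7]{3})",
                             lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mount_point, set(fields[3].split(","))))
    return mounts

def governing_mount(path, mounts):
    """Longest mount point that is a path prefix of `path`; later entries win ties."""
    probe = os.path.normpath(path) + "/"
    best = None
    for mount_point, options in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if probe.startswith(prefix):
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, options)
    return best

def exec_allowed(path, mounts):
    """True when the filesystem holding `path` is mounted without noexec."""
    found = governing_mount(path, mounts)
    return found is not None and "noexec" not in found[1]

if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for p in ("/tmp", "/home/alice", "/dev/shm", "/mnt/my disk/x"):
        mount_point, _ = governing_mount(p, table)
        print(f"{p}: on {mount_point}, exec allowed: {exec_allowed(p, table)}")
```

On a live Linux system, pass the contents of /proc/mounts to `parse_mounts` instead of the sample.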