Bugtraq mailing list archives
Re: /tmp topic
From: Tollef Fog Heen <tollef () ADD NO>
Date: Tue, 19 Dec 2000 07:30:35 +0100
* Max Gribov
| Mount /tmp with noexec option in /etc/fstab is a pretty secure
| thing to do...
At least under Linux, noexec is not very useful: (I know this has
been disclosed on bugtraq before, but, obviously, not everybody knows
about it)
$cat hello.c
#include <stdio.h>
int main() {
    printf("hello world\n");
    return 0;
}
$gcc -o hello hello.c
$./hello
bash: ./hello: Permission denied
$/lib/ld-linux.so.2 ./hello
hello world
Basically - it all boils down to:
don't use /tmp, use $TMPDIR or $TMP, failing that use $HOME/tmp. If
that fails, use /tmp with mkstemp/mkdtemp (like Kris Kennaway wrote)
or open(2) with O_EXCL. If everything fails, bail out or give the
user a warning and the option to retry. (Whatever's appropriate for the
program)
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
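The fallback order described in the message above, as an added C example that is not part of the original post: $TMPDIR, then $TMP, then $HOME/tmp, then /tmp, always creating the file with mkstemp(3). The helper names, the "example." file prefix, the 4096-byte buffers and the rule that a candidate directory must be an absolute path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Try mkstemp(3) in one directory; returns an fd or -1. mkstemp opens with
 * O_CREAT|O_EXCL and mode 0600, so a pre-planted file or symlink is never reused. */
static int try_dir(const char *dir, char *path, size_t len)
{
    if (dir == NULL || dir[0] != '/') return -1;   /* unset or relative (assumed rule) */
    int n = snprintf(path, len, "%s/example.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;      /* template would be truncated */
    return mkstemp(path);
}

/* Fallback order from the message: $TMPDIR, $TMP, $HOME/tmp, then /tmp. */
int open_private_temp(char *path, size_t len)
{
    char home_tmp[4096];
    const char *home = getenv("HOME");
    const char *dirs[4] = { getenv("TMPDIR"), getenv("TMP"), NULL, "/tmp" };
    if (home && (size_t)snprintf(home_tmp, sizeof home_tmp, "%s/tmp", home) < sizeof home_tmp)
        dirs[2] = home_tmp;
    for (int i = 0; i < 4; i++) {
        int fd = try_dir(dirs[i], path, len);
        if (fd >= 0) return fd;
    }
    return -1;   /* caller bails out, or warns and offers a retry */
}

/* Returns 1 if an open(2) with O_CREAT|O_EXCL on an existing name is refused. */
int excl_create_refused(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); unlink(path); return 0; }   /* name was free */
    return errno == EEXIST;
}

int main(void)
{
    char path[4096];
    int fd = open_private_temp(path, sizeof path);
    if (fd < 0) { perror("no usable temporary directory"); return 1; }
    printf("created %s; second O_EXCL create refused: %d\n", path, excl_create_refused(path));
    close(fd); unlink(path);
    return 0;
}
```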
