Secure temporary files in Linux (ZDNet India)

Posted Mar 10, 2008 21:37 UTC (Mon) by ballombe (subscriber, #9523)
Parent article: Secure temporary files in Linux (ZDNet India)

I fail to see why a bot would ever need to create executables in /tmp.
Besides, this is trivial to bypass: just upload a script foo and run
sh -c foo or perl foo.

So, what is the point?


Secure temporary files in Linux (ZDNet India)

Posted Mar 10, 2008 23:49 UTC (Mon) by jreiser (subscriber, #11027) [Link]

A particular bot might be able to function without creating an executable in /tmp, but doing so may be convenient for the bot writer. For instance, such code is readily available, small, etc. Some systems/environments/users do not have sh or perl visible in $PATH.

Secure temporary files in Linux (ZDNet India)

Posted Mar 11, 2008 0:10 UTC (Tue) by Fishwaldo (subscriber, #47595) [Link]

I don't think it's an issue of preventing a bot creating an executable, but preventing the bot getting on the system in the first place.

Lots of exploits out there target webapps, and bot/worm authors know that regardless of what distribution the target systems are running, /tmp is always available and writable... so that's where they dump their bots and then execute them. (For good, well documented examples, have a look at the phpbb worms that were around about a year ago.)

The noexec might stop 1/2 (guesstimate) of existing bots/worms out there, but then there are tons of perl or shell based bots as well that it probably won't stop.

To me, this is more of a problem of lazy admins looking for easy ways out. As long as you keep your systems up to date then you shouldn't need to worry about bots targeting /tmp in the first place.

(Of course, it's a different story for webhosts, but then this type of stuff is part of the game.)
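An added check, not from this thread or from any of its posters, that reports whether the mount covering a directory such as /tmp actually carries the noexec, nosuid and nodev options. It parses the /proc/mounts format (longest mount-point prefix wins, octal escapes decoded) over a constructed sample; the function names and the sample are assumptions. The thread's caveat still holds: noexec blocks direct execution only, not "perl foo" or "sh foo".

```python
"""Report which of noexec/nosuid/nodev are missing on the mount covering a path."""
import os
import re

# Constructed sample in /proc/mounts format (not captured from a real host).
# Fields: device mountpoint fstype options dump pass; spaces are octal-escaped.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=1048576k 0 0
/dev/sdb1 /srv/www ext4 rw,relatime 0 0
/dev/sdc1 /mnt/my\\040disk ext4 rw,relatime 0 0
"""

HARDENING = ("noexec", "nosuid", "nodev")


def unescape(field):
    """Decode the \\NNN octal escapes the kernel writes into /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Map each mount point to the set of its mount options."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or blank line
        mounts[unescape(parts[1])] = set(parts[3].split(","))
    return mounts


def mount_for(path, mounts):
    """Return the mount point with the longest prefix that contains path."""
    path = os.path.normpath(path)
    best = None
    for mp in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    return best


def missing_hardening(path, text=None):
    """Return (mount point, list of hardening options absent on that mount)."""
    if text is None:
        with open("/proc/mounts") as f:
            text = f.read()
    mounts = parse_mounts(text)
    mp = mount_for(path, mounts)
    opts = mounts.get(mp, set())
    return mp, [o for o in HARDENING if o not in opts]


if __name__ == "__main__":
    for p in ("/tmp", "/srv/www/upload"):
        print(p, missing_hardening(p, SAMPLE_MOUNTS))
```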

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds