I don't think it's an issue of preventing a bot creating an executable, but preventing the bot getting on the system in the first place.
Lots of exploits out there target webapps, and bot/worm authors know that regardless of what distribution the target systems are running, /tmp is always available and writable... so that's where they dump their bots and then execute them. (For good, well-documented examples, have a look at the phpBB worms that were around about a year ago.)
The noexec might stop 1/2 (guesstimate) of existing bots/worms out there, but then there are tons of Perl- or shell-based bots as well that it probably won't stop.
To me, this is more of a problem of lazy admins looking for easy ways out. As long as you keep your systems up to date then you shouldn't need to worry about bots targeting /tmp in the first place (of course, it's a different story for webhosts, but then this type of stuff is part of the game).