
noexec tmp

Created by retep. Last edited by alicia, one year and 145 days ago.
Do you have a 'broken' web application that lets attackers upload files to /tmp and execute them? Here is how to mount /tmp so that programs uploaded there cannot be run directly. Note that this only blocks direct execution: a script dropped in /tmp can still be run by handing it to an interpreter (perl /tmp/x.pl), and the other world-writable directories (/var/tmp, /dev/shm) need the same treatment.

# create a ~10MB file that will back the /tmp file system (mounted via a loop device, not a real partition)
cd /root
dd if=/dev/zero of=/root/tmpMnt bs=1024 count=10000
mkfs.ext3 -F /root/tmpMnt
# mount it at /tmp with noexec (no direct execution), nosuid (setuid bits ignored)
# and nodev (device nodes not honoured)
mv /tmp /tmp.backup
mkdir /tmp
mount -o loop,noexec,nosuid,nodev,rw /root/tmpMnt /tmp
# world-writable with the sticky bit, so users cannot delete or rename each other's files
chmod 1777 /tmp
# make it so it is used on boot up
if ! grep -qai tmpMnt /etc/fstab ; then 
     echo "/root/tmpMnt /tmp ext3 loop,noexec,nosuid,nodev,rw  0 0" >> /etc/fstab
fi
# check the fstab entry works by unmounting and remounting from it
# (if /tmp is busy, stop the processes using it first; any error here means the entry is wrong)
umount /tmp && mount /tmp
# check that programs in /tmp will not run: expect "Permission denied"
cp /bin/ls /tmp/
/tmp/ls
rm /tmp/ls
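The following is an added example, not part of the original howto, for checking that the mount actually carries the hardening options after a reboot. It parses /proc/mounts-format lines and reports, for each world-writable directory (/tmp, /var/tmp and /dev/shm), whether it is a separate mount with noexec, nosuid and nodev set. The sample mount table embedded in the script is constructed for the offline demonstration and shows a /tmp set up as above but without nodev; run it with --live to audit the real /proc/mounts.

```shell
#!/bin/sh
# Added example: audit the mount options on world-writable directories.
# Not from the original howto; the SAMPLE_MOUNTS data below is constructed.

# Constructed sample in /proc/mounts format (assumed data, not from a real host):
# /tmp is a loop-backed ext3 mount with noexec and nosuid but no nodev,
# /dev/shm is a stock tmpfs with no hardening, /var/tmp is not a separate mount.
SAMPLE_MOUNTS='/dev/vda1 / ext3 rw,relatime,errors=remount-ro 0 0
/root/tmpMnt /tmp ext3 rw,nosuid,noexec,relatime,data=ordered 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0'

# Print the comma-separated option string of the mount at mount point $2 in the
# mounts text $1. The last matching line wins, as in /proc/mounts (later mounts
# hide earlier ones). Fails, printing nothing, if $2 is not a mount point.
mount_opts_of() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp { opts = $4 }
        END { if (opts == "") exit 1; print opts }'
}

# Succeed only if every option in the comma-separated list $3 is present on the
# mount at $2 in the mounts text $1. Exact-token match, so "nodev" does not
# accidentally accept "dev".
has_mount_opts() {
    opts=$(mount_opts_of "$1" "$2") || return 1
    for want in $(printf '%s' "$3" | tr ',' ' '); do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print one line per world-writable directory: "ok" or what is missing.
audit_mounts() {
    for mp in /tmp /var/tmp /dev/shm; do
        if has_mount_opts "$1" "$mp" noexec,nosuid,nodev; then
            echo "$mp ok"
        else
            have=$(mount_opts_of "$1" "$mp" || echo 'not a separate mount')
            echo "$mp NOT hardened (needs noexec,nosuid,nodev; has: $have)"
        fi
    done
}

# With --live, audit the running system; otherwise demonstrate on the sample.
if [ "${1:-}" = "--live" ]; then
    audit_mounts "$(cat /proc/mounts)"
else
    audit_mounts "$SAMPLE_MOUNTS"
fi
```

Against the sample this reports /tmp as not hardened (nodev missing) and /var/tmp as not a separate mount, which is the usual state after following the steps above literally. Remember that a clean report only means direct execution is blocked; it says nothing about an uploaded script being passed to perl, sh or python, which noexec cannot prevent.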

Comment by alicia, one year and 145 days ago.

Keep in mind that sometimes a hacker may upload a Perl script to your /tmp directory. In this case the script calls perl, and perl is executed outside of the /tmp directory, regardless of the permissions on /tmp. This is why it's good to ensure your /tmp directory is:

1) Perms set to chmod 1777 /tmp. This sets the sticky bit and ensures that no user may write to another user's files.

2) Monitored often for possible malicious scripts unknowingly uploaded to your server.

Comment by yves, one year and 145 days ago.
