knowledgebase/linux/webserver/noexec tmp Do you have a 'broken' web application that let's hackers upload files to /tmp and execute them? Here is how to prevent programs uploaded to /tmp from running. {code:none} # create a 10MB block device which will be the /tmp file system cd /root dd if=/dev/zero of=/root/tmpMnt bs=1024 count=10000 mkfs.ext3 -F /root/tmpMnt # mount it at /tmp mv /tmp /tmp.backup mkdir /tmp mount -o loop,noexec,nosuid,rw /root/tmpMnt /tmp chmod 0777 /tmp # make it so it is used on boot up if ! grep -qai tmpMnt /etc/fstab ; then echo "/root/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab fi # check your syntax is ok mount -a # check that programs in /tmp will not run cp /bin/ls /tmp/ /tmp/ls {code} 2007-08-14 01:26:34.0 2005-09-14 20:00:06.0 comment-knowledgebase/linux/webserver/noexec tmp-1 Keep in mind sometimes a hacker may upload a perl script to your /tmp directory. In this case the script calls perl and perl is executed outside of the /tmp directory, regardless of the permissions on /tmp. This is why it's good to ensure your /tmp directory is 1) perms set to: chmod 1777 /tmp this sets the sticky bit and ensures that no other users may write to anothers' files. 2) Monitored often for possible malicious scripts unknowingly uploaded to your server. 2007-08-14 01:26:27.0 2007-08-14 01:25:52.0 comment-knowledgebase/linux/webserver/noexec tmp-2 See also: http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9 2007-08-14 16:58:47.0 2007-08-14 16:58:47.0