On Mon, Jul 14, 2003 at 01:02:33AM -0400, bda wrote:
> On Sun, Jul 13, 2003 at 11:55:45PM -0400, Matt Zimmerman wrote:
> > If the user can read files in /tmp, they can execute the code in them.
> > What problem is noexec /tmp supposed to solve?
>
> In the event that the machine gets popped (depending on the vector of
> attack), it makes it that much more difficult for the intruder to run
> exploits on the machine, as it's possible that they cannot write to any
> directory but /tmp. (This is admittedly unlikely, as if they're exploiting
> a service, that service can most likely write SOMEWHERE, which allows
> for the execution of code; ignoring the fact that the attacker has likely
> already gained the ability to run arbitrary commands.)

Right. If they can run arbitrary code, they can run arbitrary code. If the
exploit relies on a writable /tmp, it can be modified not to.

> It may seem like putting a pebble in front of a tank, but the only defense
> we have is a many-layered security policy.

If it were a straightforward kind of protection like nosuid, absolutely. It
just happens that noexec isn't much of a barrier, and breaks more than it
helps, so I don't miss it.

-- 
 - mdz
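As an added example that is not part of this thread: a small POSIX shell check that reads /proc/mounts-formatted lines (a constructed sample here, not from any real host) and reports which of nosuid, nodev and noexec are missing on a given mount point. The thread's point is that nosuid is the option worth insisting on for /tmp, while noexec is at best advisory, so an audit should treat the two differently.

```shell
#!/bin/sh
# Constructed /proc/mounts sample (not taken from any real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime,size=1048576k 0 0
/dev/sda2 /home ext4 rw,relatime 0 0'

# Print the mount options (4th field) of the filesystem mounted at $1,
# reading /proc/mounts-formatted lines from stdin. Prints nothing if the
# mount point is not present.
mount_opts() {
    awk -v mp="$1" '$2 == mp { print $4; exit }'
}

# Return 0 when option $2 appears in the comma-separated option list $1.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report which hardening options are missing on mount point $1, given
# /proc/mounts-formatted text in $2. Output is a space-separated list drawn
# from "nosuid nodev noexec" (empty when all are set). A missing nosuid is
# the finding that matters: setuid binaries dropped into the directory
# would otherwise run with elevated privileges. A missing noexec is only
# informational, since scripts in a readable directory can still be fed to
# an interpreter regardless of the flag.
missing_opts() {
    opts=$(printf '%s\n' "$2" | mount_opts "$1")
    missing=""
    for o in nosuid nodev noexec; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    printf '%s\n' "${missing# }"
}

# On a live system, replace "$SAMPLE_MOUNTS" with "$(cat /proc/mounts)".
missing_opts /tmp "$SAMPLE_MOUNTS"    # prints: noexec
```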