Borja Marcos wrote:
> 
>         Hello,
> 
>         Many security exploits create files in the /tmp directory
> and execute them. I think it would be a good idea to add logging
> to exec_check_permissions() in kern.exec.c so that attempts
> to run files from a filesystem mounted as "noexec" can be detected.
> 
>         With this measure, and mounting /tmp as "noexec" some
> generic hostile acts (wow, how does it sound! :-) ) could be
> detected.

[and, as you said, the same goes for nosuid -- and for nodev too]

This doesn't enhance security. It enhances auditability. I like
this. Add a syslog, and a sysctl to turn it on or off. It seems
straight-forward and light-weight. Send the patches. :-)

--
Daniel C. Sobral                        (8-DCS)
[EMAIL PROTECTED]
[EMAIL PROTECTED]

        What y'all wanna do?
        Wanna be hackers? Code crackers? Slackers
        Wastin' time with all the chatroom yakkers?
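
A userland model of the idea discussed in this thread, added here as an example; it is not FreeBSD kernel code or a patch from either poster. The struct, the flag value, the `log_noexec` knob and the message format are assumptions made for illustration.

```c
/* Userland model of an exec permission check that records *why* it denied,
 * so that denials caused by a noexec mount can be logged separately. */
#include <errno.h>
#include <stdio.h>

#define M_NOEXEC 0x1u          /* constructed flag value, for this model only */

enum deny_reason { ALLOW = 0, DENY_NOEXEC_MOUNT, DENY_NOT_REGULAR, DENY_NO_X_BIT };

struct image {                 /* hypothetical stand-in for what the check sees */
    const char *path;
    unsigned mount_flags;      /* flags of the filesystem holding the file */
    unsigned mode;             /* permission bits, e.g. 0755 */
    int is_regular;            /* non-zero for a regular file */
    unsigned uid;              /* caller's uid */
};

static int log_noexec = 1;     /* hypothetical on/off knob (the "sysctl") */
static char last_log[256];     /* stands in for the syslog sink */

/* Classify the denial. The mount check runs first so a noexec hit is never
 * hidden behind a mode-bit failure on the same file. */
enum deny_reason exec_check(const struct image *im)
{
    if (im->mount_flags & M_NOEXEC) return DENY_NOEXEC_MOUNT;
    if (!im->is_regular)            return DENY_NOT_REGULAR;
    if ((im->mode & 0111) == 0)     return DENY_NO_X_BIT;
    return ALLOW;
}

/* Returns 0 or EACCES as before; the only new behaviour is the audit line,
 * written for noexec-mount denials and only while the knob is on. */
int exec_check_logged(const struct image *im)
{
    enum deny_reason r = exec_check(im);
    last_log[0] = '\0';
    if (r == DENY_NOEXEC_MOUNT && log_noexec)
        snprintf(last_log, sizeof last_log,
                 "exec denied: uid %u tried to run %s on a noexec filesystem",
                 im->uid, im->path);
    return r == ALLOW ? 0 : EACCES;
}

int main(void)
{
    struct image sample = { "/tmp/.x", M_NOEXEC, 0755, 1, 1001 }; /* constructed */
    int rc = exec_check_logged(&sample);
    printf("rc=%d log=\"%s\"\n", rc, last_log);
    return 0;
}
```

The caller sees the same EACCES in every denied case; only the log line distinguishes an attempt to run something from a noexec filesystem from an ordinary missing execute bit.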
