On Sun, Jul 13, 2003 at 01:33:52AM -0400, Noah L. Meyerhans wrote:
> On Sat, Jul 12, 2003 at 11:43:02PM -0300, Peter Cordes wrote:
> >  This is at least the third time this has come up that I remember.  
> > However, 
> > absolute statements like *can not* get me thinking:  Is there any any sort
> > of file that can't be executed from /tmp?  What about statically linked ELF
> > binaries?  /lib/ld-linux.so.2 /sbin/e2fsck.static  segfaults.  In five
> > minutes, I haven't thought of a way to execute one.
> Perhaps something like SELinux, employing ACLs, could do the job?  I
> don't know a whole lot about it.

 Err, what I was saying was that I can't think of a way for an attacker to
run a static binary from /tmp.  Thus, making /tmp noexec does actually
prevent that, contrary to your hypothesis that one *can not* prevent
execution.  (As I said, this is not very useful, because the attacker
won't be constrained to static binaries except in a very carefully
constructed chroot jail.  (Or maybe with SELinux and ACLs, which is maybe
what you were saying?))

