On Friday 17 February 2006 23:15, Patrick Börjesson wrote:
> > an attacker does not need a place, where everybody can write. He just
> > needs SOME place, where he can write - like the home-directory of the
> > user he just corrupted.
>
> What's to say that the only way to get access to a system is through
> hacking a user account?

if he hacks apache, he is the httpd user, if he hacks sendmail, he is 'mail'
If you are not a user, you are not logged in. Or in reverse, as soon as you can do anything on a box, you are a user in one way or another.

> Exploits have existed (and probably do, if not in older code) that
> use /tmp, and the ability to execute things from that location, to get
> access to more privileges.
> So having /tmp mounted as noexec is a good security measure against these
> kinds of exploits.

and I bet the same exploits would work from /var/spool.

> > > Also, he can disrupt your system, by just filling up /tmp. No code needed
> > > for that.
>
> And that is the exact reason for keeping "writable by all" locations on
> separate filesystems, so that the damage can be limited and not make the
> entire system unusable if someone decides to fill up a filesystem.

if / is huge, it is much harder to fill up /tmp
And if he can fill up /tmp completely, you are hosed anyway. So having it on its own partition does not save you from anything. It only makes it more likely that at some point /tmp is too small and you need to make it bigger.

--
gentoo-user@gentoo.org mailing list
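The point argued back and forth above (a noexec /tmp only covers one of the places a compromised account can write to) is easy to check on a real box. The script below is an added example, not code from the thread or from any poster: it resolves which mount point and mount options govern a given path (longest matching mount point, in /proc/mounts format) and lists the writable locations that are not under a noexec mount. The mount table SAMPLE_MOUNTS and the directory list WRITABLE_DIRS are constructed for illustration; with an empty table argument the functions read the live /proc/mounts instead.

```shell
#!/bin/sh
# Added example (not from the original thread): resolve the mount options that
# apply to a path and report writable locations that are not mounted noexec.

# Constructed sample mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,noexec,nosuid,nodev 0 0
/dev/sda3 /var ext3 rw 0 0
/dev/sda4 /home ext3 rw,nosuid 0 0
tmpfs /dev/shm tmpfs rw 0 0'

# Constructed list: the locations named in the thread plus two common ones.
WRITABLE_DIRS="/tmp /var/tmp /var/spool/mail /home/alice /dev/shm"

# mount_point_for PATH [TABLE]
# Prints "<mountpoint> <options>" for the longest mount point that is a
# component-wise prefix of PATH. Reads /proc/mounts when TABLE is empty.
mount_point_for() {
    _mp_path=$1
    _mp_table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$_mp_table" | awk -v p="$_mp_path" '
    {
        mp = $2
        gsub(/\\040/, " ", mp)   # /proc/mounts escapes spaces as \040
        # "/" covers everything; otherwise require a whole-component prefix,
        # so /tmp covers /tmp/x but not /tmpfoo.
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            if (length(mp) > length(best)) { best = mp; opts = $4 }
        }
    }
    END { if (best != "") print best " " opts }'
}

# has_mount_option PATH OPTION [TABLE]
# Exit status 0 if OPTION (e.g. noexec) is set on the filesystem holding PATH.
has_mount_option() {
    _ho_opts=$(mount_point_for "$1" "$3" | awk '{print $2}')
    case ",$_ho_opts," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# unprotected_writable_dirs [TABLE]
# Prints each entry of WRITABLE_DIRS whose filesystem lacks noexec.
unprotected_writable_dirs() {
    for _uw_dir in $WRITABLE_DIRS; do
        has_mount_option "$_uw_dir" noexec "$1" || printf '%s\n' "$_uw_dir"
    done
}

printf 'Writable locations not covered by a noexec mount (sample table):\n'
unprotected_writable_dirs "$SAMPLE_MOUNTS"
```

With the sample table only /tmp is covered; /var/tmp, the mail spool, the home directory and /dev/shm all stay executable, which is the "SOME place where he can write" the message is talking about. Run it with an empty table argument (unprotected_writable_dirs "") to check the live system. Two caveats when reading the output: noexec only blocks execve() of files on that filesystem, so a script can still be run by handing it to an interpreter that lives elsewhere (sh /tmp/x.sh), and the list of writable places depends on the user in question, not just on world-writable directories.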