On 02/04/2017 12:20 PM, Lew Pitcher wrote:
> It doesn't take root access to write a file to /tmp
> In fact, /tmp is specifically set up to allow /any/ user to create /any/ file
> or directory in it.
>
> Witness:
> <snip>
>
> guest@bitsie:~$ chmod a+x /tmp/dothis
>
> Hey! I've even made the file executable

If I'm not mistaken, I used to make /tmp a different partition when I managed uni lab computers, and I would mount it as noexec. I also made sure that removable media was always mounted as noexec. The main reason for the latter was that ownership and permission bits were blindly honored on mounted file systems, and there's no way we would allow someone to bring a setuid command into our lab computers through a floppy, CD, or USB stick (heck, it was probably Zip drives back then).

-- 
https://mail.python.org/mailman/listinfo/python-list
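
The mount policy described in this thread (/tmp on its own partition mounted noexec, removable media mounted noexec so that a setuid binary carried in on it is not honored) can be checked mechanically. The following is an added example, not part of the original posts: it audits a table in /proc/mounts format, and the watched paths /media and /mnt, the extra nosuid check, and the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for the hardening discussed in the thread.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

# Constructed sample table (not taken from any real host).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb0 vfat rw,relatime,uid=1000 0 0
/dev/sr0 /media/cdrom iso9660 ro,nosuid,nodev,noexec 0 0
EOF
}

# audit_mounts: read a mount table on stdin and print one line per finding:
#   MISSING <mountpoint> <comma-separated missing options>
# Watched: /tmp, plus anything under /media or /mnt (assumed removable-media paths).
audit_mounts() {
    awk '
    # Exact match on one option, so "exec" never matches inside "noexec".
    function has(opts, want,   n, i, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    $2 == "/tmp" || $2 ~ /^\/(media|mnt)(\/|$)/ {
        miss = ""
        if (!has($4, "noexec")) miss = "noexec"
        if (!has($4, "nosuid")) miss = (miss == "" ? "nosuid" : miss ",nosuid")
        if (miss != "") print "MISSING", $2, miss
    }'
}

# tmp_is_separate: succeed only if /tmp has its own entry in the table;
# without one, /tmp is a directory on / and inherits the options of /.
tmp_is_separate() {
    awk '$2 == "/tmp" { found = 1 } END { exit !found }'
}

# Demo on the constructed table; on a live Linux host: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

A clean report only covers what is mounted at the time of the check; options for media mounted later come from /etc/fstab or the automounter configuration.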