my server was cracked; now what?
Fraser Campbell
fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Tue Jul 18 14:59:55 UTC 2006
Vlad wrote:
> Third... wait. Did they change the perms on /tmp, thereby
> breaking more things than can be imagined?
If they mounted it noexec that would be enough to stop most attackers from
running stuff under /tmp - most, it's not impossible. Of course he said
permissions, the answer is vague enough to be scary.
I often set up my Debian systems with /tmp and /var noexec, no problems. A
minor issue is that if you set up apt to ask all config questions up front
then, dpkg (or debconf?) will run some preconfigure scripts from /tmp but
it fails gracefully so no issues.
--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list