/tmp

[Scott C. Ripley]

hey all,

anyone get hassled by:
  - some web app is able to write to /tmp as nobody
  - able to run file as nobody user (say via perl) even with noexec on the
    partition  (because perl simply reads/executes the file in /tmp)

some googling suggests it's going around... with suggestions like:
  - have separate /tmp partition  (with noexec option on partition)
  - disable certain PHP functions (via php.ini)
  - (keep all your installed webapps patched/updated/etc.)
  - etc.

still a pain though... if anybody has a sure fire way to fight this... let me 
know?

thanks,

Scott





-- 
Scott C. Ripley                             Tel: 01.416.738.6357
Deucalion Technologies              Fax: 01.416.201.8922
614A The Queensway                  http://www.scottripley.com
Etobicoke, ON, M8Y 1K1              mailto:scott at scottripley.com
CANADA


The content of this electronic mail transmission is confidential.  
 
This transmission is intended solely for the use by the person(s) to
whom it was addressed.  All other recipients are hereby notified that
any use, copying, dissemination, or disclosure of this information is
strictly prohibited.  

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml