/tmp
Peter
plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org
Mon May 29 14:18:46 UTC 2006
On Mon, 29 May 2006, John Van Ostrand wrote:
> On Thu, 2006-05-25 at 20:09 -0400, Scott C. Ripley wrote:
>
>> hey all,
>>
>> anyone get hassled by:
>> - some web app is able to write to /tmp as nobody
>> - able to run file as nobody user (say via perl) even with noexec on the
>> partition (because perl simply reads/executes the file in /tmp)
>>
>> some googling suggests it's going around... with suggestions like:
>> - have separate /tmp partition (with noexec option on partition)
>> - disable certain PHP functions (via php.ini)
>> - (keep all your installed webapps patched/updated/etc.)
>> - etc.
>>
>> still a pain though... if anybody has a sure fire way to fight this... let me
>> know?
chroot ?
Peter
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list