  1. #1
    Join Date
    May 2003
    Posts
    852

    How to know if tmp is noexec?

    Hello,

    Just want to know how to check if the tmp is mounted as noexec?

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Type:

    mount | grep tmp


    You should see noexec in the information it'll provide to you.
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  3. #3
    Join Date
    Feb 2003
    Location
    Panorama City, CA
    Posts
    2,581
    cd /tmp
    vi execme

    type in
    echo HIIIIIIII

    quit vi

    chmod +x execme

    ./execme

    see what happens.
    Remote Hands and Your Local Tech for the Los Angeles area.

    (310) 573-8050 - LinkedIn

  4. #4
    Join Date
    May 2003
    Posts
    852
    thanks guys

    I got this

    -bash: ./execme: Permission denied

  5. #5
    Join Date
    Dec 2005
    Location
    Planet Earth
    Posts
    24
    That verifies /tmp as noexec.
    When you say "I wrote a program that crashed Windows", people just stare at you blankly and say "Hey, I got those with the system, *for free*".

  6. #6
    Join Date
    Feb 2003
    Location
    Panorama City, CA
    Posts
    2,581
    Quote Originally Posted by cannibal View Post
    thanks guys

    I got this

    -bash: ./execme: Permission denied

    you're good to go!! :]
    Remote Hands and Your Local Tech for the Los Angeles area.

    (310) 573-8050 - LinkedIn

  7. #7
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    The mount output, if /tmp is noexec, will be as follows.

    /dev/hda2 on /tmp type ext3 (rw,noexec,nosuid)
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  8. #8
    Join Date
    Jun 2007
    Location
    Mid Michigan, USA
    Posts
    65
    It may be a good idea to ensure that fstab has the noexec option enabled for /tmp as well so that it mounts that way at boot.

  9. #9
    Join Date
    May 2003
    Posts
    852
    My fstab looks like this.
    Am I missing something?

    Code:
    # This file is edited by fstab-sync - see 'man fstab-sync' for details
    LABEL=/                 /                       ext3    defaults,usrquota        1 1
    LABEL=/boot             /boot                   ext3    defaults        1 2
    none                    /dev/pts                devpts  gid=5,mode=620  0 0
    none                    /dev/shm                tmpfs   defaults        0 0
    LABEL=/home             /home                   ext3    defaults,usrquota         1 2
    none                    /proc                   proc    defaults        0 0
    none                    /sys                    sysfs   defaults        0 0
    LABEL=/tmp              /tmp                    ext3    defaults        1 2
    LABEL=/usr              /usr                    ext3    defaults,usrquota        1 2
    LABEL=/var              /var                    ext3    defaults,usrquota        1 2
    LABEL=SWAP-sda6         swap                    swap    pri=0,defaults        0 0
    /tmp             /var/tmp                    ext3    defaults,bind,noauto        0 0
    /dev/tmpMnt             /tmp                    ext2    loop,noexec,nosuid,rw  0 0
    /dev/sdb1 /backup ext3 defaults 1 2

  10. #10
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    Keep in mind that mounting /tmp as noexec won't exactly solve much of anything.

    What do I mean? Well, take the example you were given here. You were told to simply type
    Code:
    ./execme
    Of course, that's going to give you "permission denied". We all know that's going to happen, and a SMART hacker already knows this.

    Now, what if you tried instead
    Code:
    sh ./execme
    OOPS, your OS will (probably) allow this. Why? Because the binary called is not in /tmp, it resides elsewhere.

    The only thing this will stop is compiled binaries from working their magic. It will NOT stop 99% of the hacks out there, as most of these are perl (easily called from /tmp) or (ba)sh (again, easily called from /tmp).

    I'm not saying it's not good to secure /tmp, because that's an extra layer of security that may (or may not) stop what's going on here, and it's not that bad of a thing, but if you're going to do that, you need to look through other security measures as well, something to stop those things from calling /tmp files.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
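
The checks discussed in this thread (the live mount options and the fstab entry used at boot) can be scripted with an exact match on the mount-point field, which avoids `grep tmp` also matching /var/tmp or tmpfs lines. This is an added example, not code from any poster; the function names are hypothetical and the sample table is constructed, modelled on the fstab posted above.

```shell
#!/bin/sh
# Added example: report whether a mount point carries noexec. The mount table
# (/proc/mounts for live state, /etc/fstab for boot-time state) is read on stdin.

# Print the option field of the LAST entry whose mount point is exactly $1.
# Later entries are mounted on top of earlier ones, so the last one is in effect.
mount_opts() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { opts = $4 }
                    END { if (opts != "") print opts }'
}

# Succeed only if the comma-separated list $1 contains exactly the option $2.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print noexec / exec / not-a-mount for mount point $1 (table on stdin).
noexec_state() {
    opts=$(mount_opts "$1")
    if [ -z "$opts" ]; then
        echo "not-a-mount"      # no entry of its own: inherits from the parent
    elif has_opt "$opts" noexec; then
        echo "noexec"
    else
        echo "exec"
    fi
}

# Constructed sample, modelled on the fstab posted in the thread.
sample_fstab() {
    cat <<'EOF'
# constructed sample
LABEL=/tmp      /tmp      ext3  defaults                1 2
/tmp            /var/tmp  ext3  defaults,bind,noauto    0 0
/dev/tmpMnt     /tmp      ext2  loop,noexec,nosuid,rw   0 0
none            /dev/shm  tmpfs defaults                0 0
EOF
}

for mp in /tmp /var/tmp /dev/shm; do
    echo "sample fstab  $mp: $(sample_fstab | noexec_state "$mp")"
    if [ -r /proc/mounts ]; then
        echo "live mounts   $mp: $(noexec_state "$mp" < /proc/mounts)"
    fi
done
```

To check a real system, run `noexec_state /tmp < /etc/fstab` and `noexec_state /tmp < /proc/mounts` and compare the two results.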
