No executables in /tmp

Jeff Schroeder jeff at zingstudios.net
Mon Mar 27 15:28:31 MST 2006


Thanks for the confirmation, all... as I suspected, securing executables 
(err, scripts) in the /tmp directory is non-trivial.  However, I wonder 
if something like this would work:

1) Move the main Perl executable from /usr/bin/perl to, 
say, /usr/bin/perl-real.

2) Create a new file /usr/bin/perl that's a shell script:

#!/bin/bash
# Run the real perl only if neither the first argument nor the current
# directory starts with /tmp (note the space before the closing "]")
if [ -z "`echo "$@" | grep ^/tmp`" ] && [ -z "`echo "$PWD" | grep ^/tmp`" ];
  then /usr/bin/perl-real "$@"; fi

Basically this just takes the arguments to "perl blah blah" and checks 
whether the first one begins with "/tmp", then also checks whether /tmp 
is the current directory.  It would prevent things like

perl /tmp/my-evil-script.pl

and

cd /tmp ; perl my-evil-script.pl

Although it wouldn't stop

cat /tmp/my-evil-script.pl | perl

or even

perl /./tmp/my-evil-script.pl

Of course, the whole intent of these shenanigans is to prevent automated 
cracks from succeeding.  The ones I've seen tend to save a file in /tmp 
and then just run Perl against it.  I think this would stop those guys 
cold.

Any thoughts?  Comments?  Am I missing something obvious?

(Naturally I'm nervous about doing something like replacing the system 
Perl command with a hack of a shell script...)

Thanks,
Jeff
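The wrapper idea above can be made a little less trivial to sidestep by canonicalising paths before comparing them, which closes the "perl /./tmp/..." hole the post mentions (the "cat ... | perl" case is still untouched, since no path is involved). The following is an added example, not the poster's script: it assumes the real interpreter has been moved to /usr/bin/perl-real as described, that GNU readlink is available, and that the wrapper only dispatches when it is given arguments.

```bash
#!/bin/bash
# Added example wrapper for /usr/bin/perl. Assumes the real interpreter was
# moved to /usr/bin/perl-real (as in the post) and that GNU readlink -f exists.

# Canonical directory we refuse to run scripts from (constructed constant).
DENIED_DIR="/tmp"

# Return 0 (true) if the canonical form of "$1" lies under $DENIED_DIR.
# readlink -f resolves symlinks and "." / ".." components, so "/./tmp/x.pl"
# and a symlink into /tmp both normalise to a path under /tmp.
under_denied_dir() {
    local p
    p=$(readlink -f -- "$1" 2>/dev/null) || return 1
    case "$p" in
        "$DENIED_DIR"|"$DENIED_DIR"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 (refuse) if the physical working directory or any non-option
# argument resolves into $DENIED_DIR. Options such as -w or -e are skipped;
# the -e code string itself is harmless to readlink (it just becomes a
# non-existent path relative to the working directory).
should_refuse() {
    under_denied_dir "$(pwd -P)" && return 0
    local arg
    for arg in "$@"; do
        case "$arg" in
            -*) continue ;;
            *)  under_denied_dir "$arg" && return 0 ;;
        esac
    done
    return 1
}

# Dispatch only when invoked with arguments; with none, the script merely
# defines the functions above (a simplification for this example: a real
# wrapper would also forward the no-argument, read-from-stdin case).
if [ $# -gt 0 ]; then
    if should_refuse "$@"; then
        echo "perl: refusing to run scripts from $DENIED_DIR" >&2
        exit 126
    fi
    exec /usr/bin/perl-real "$@"
fi
```

Installed in place of /usr/bin/perl, "perl /./tmp/evil.pl" and "cd /tmp; perl evil.pl" are both refused with exit status 126, while "perl -e ..." from an ordinary directory still reaches the real interpreter. Piping the script in on stdin bypasses it exactly as the post says, so this remains a speed bump for automated drop-and-run tooling rather than a security boundary.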