No executables in /tmp

Bryan Sant bryan.sant at gmail.com
Mon Mar 27 15:41:47 MST 2006


On 3/27/06, Jeff Schroeder <jeff at zingstudios.net> wrote:
> #!/bin/bash
> if [ -z "$(echo "$@" | grep '^/tmp')" ] && [ -z "$(echo "$PWD" | grep '^/tmp')" ];
>   then /usr/bin/perl-real "$@"; fi
>
> Basically this just takes the arguments to "perl blah blah" and checks
> whether the first one begins with "/tmp", then also checks whether /tmp
> is the current directory.  It would prevent things like
>
> perl /tmp/my-evil-script.pl
>
> and
>
> cd /tmp ; perl my-evil-script.pl
>
> Although it wouldn't stop
>
> cat /tmp/my-evil-script.pl | perl
>
> or even
>
> perl /./tmp/my-evil-script.pl
>
> Of course, the whole intent of these shenanigans is to prevent automated
> cracks from succeeding.  The ones I've seen tend to save a file in /tmp
> and then just run Perl against it.  I think this would stop those guys
> cold.
>
> Any thoughts?  Comments?  Am I missing something obvious?

Well, if we're accepting hacks, then what about something like:

#!/bin/bash
lsof -u "$USER"
# Refuse if any file this wrapper process has open (lsof column 9 is NAME)
# lives under /tmp, or if the current directory does.
if [ -z "$(lsof -p $$ | awk '{print $9}' | grep '^/tmp')" ] && [ -z "$(echo "$PWD" | grep '^/tmp')" ];
then /usr/bin/perl-real "$@"; fi

:-)

-Bryan
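
As an added example (not code from either post): a version of the wrapper that canonicalises the path before comparing it against /tmp, so the two forms Jeff listed as blocked and the "perl /./tmp/my-evil-script.pl" form he listed as a bypass are all refused. It assumes, as the thread does, that the real interpreter has been renamed to /usr/bin/perl-real and this script installed as /usr/bin/perl. The canonicalisation is lexical ("." and ".." components and doubled slashes), so symlinks are not followed, and the "cat /tmp/my-evil-script.pl | perl" and "perl -e" cases remain uncovered, exactly as in the original.

```shell
#!/bin/bash
# Added example, not from the original posts: a /tmp-blocking perl wrapper
# that canonicalises paths before checking them. /usr/bin/perl-real is the
# assumed name of the renamed real interpreter.

# canon PATH [BASE]: print PATH made absolute against BASE (default $PWD)
# with ".", ".." and repeated slashes resolved. Lexical only: symlinks are
# not followed.
canon() {
    local path base out rest part
    path=$1
    base=${2:-$PWD}
    out=
    case $path in
        /*) ;;
        *) path="$base/$path" ;;
    esac
    rest=$path
    while [ -n "$rest" ]; do
        rest=${rest#/}            # drop the slash in front of this component
        part=${rest%%/*}          # the component itself
        rest=${rest#"$part"}      # what follows it (empty or starting with /)
        case $part in
            ''|.) ;;              # empty (from "//") or "." changes nothing
            ..)  out=${out%/*} ;; # up one level; stays "" at the root
            *)   out="$out/$part" ;;
        esac
    done
    printf '%s\n' "${out:-/}"
}

# under_tmp PATH: succeed if the canonical form of PATH is /tmp or below it.
under_tmp() {
    case $(canon "$1") in
        /tmp|/tmp/*) return 0 ;;
    esac
    return 1
}

# script_of ARGS...: print the first non-switch argument, i.e. the script
# perl would run. Prints nothing when the program comes from stdin or -e.
script_of() {
    while [ $# -gt 0 ]; do
        case $1 in
            --) shift; [ $# -gt 0 ] && printf '%s\n' "$1"; return 0 ;;
            -)  return 0 ;;       # "-" means: read the program from stdin
            -*) shift ;;
            *)  printf '%s\n' "$1"; return 0 ;;
        esac
    done
    return 0
}

# blocked ARGS...: succeed if the wrapper should refuse: the working
# directory is under /tmp, or the script perl would run resolves into /tmp.
blocked() {
    local s
    under_tmp "$PWD" && return 0
    s=$(script_of "$@")
    [ -n "$s" ] && under_tmp "$s"
}

# Installed as /usr/bin/perl this acts as the wrapper; run or sourced under
# any other name it only defines the functions above (handy for testing).
if [ "${0##*/}" = perl ]; then
    if blocked "$@"; then
        echo "perl: refusing to run a script from /tmp" >&2
        exit 126
    fi
    exec /usr/bin/perl-real "$@"
fi
```

Relative script names are resolved against $PWD, so "cd /tmp ; perl my-evil-script.pl" is caught the same way as an absolute path. Because the check is purely lexical, a script reached through a symlink that points into /tmp, or fed in on stdin, still runs; it raises the bar for the automated "save to /tmp and run perl on it" pattern and nothing more.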



More information about the PLUG mailing list