No executables in /tmp
mike at halcrow.us
Mon Mar 27 20:35:12 MST 2006
On Mon, Mar 27, 2006 at 04:53:49PM -0700, Jeff Schroeder wrote:
> The catalyst that began all this is some PHP apps installed on my
> servers (by web hosting customers) are vulnerable... phpBB is a
> particularly big offender. There are well-known exploits that allow
> a file to be saved to /tmp and run via the Perl interpreter.
You need SE Linux.
You can assign a type to a script, and then require that whatever
interprets that script first enter the requisite domain. Using SE
Linux, the idea is that if an attacker generates a new file in /tmp,
that file will not be labeled correctly, and so no process will be
allowed to execute it.
Meanwhile, all the scripts that are labeled will still be executable
according to the system's policy.
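Here is an added toy model (not from the original post) of the type-enforcement behaviour described above: a file created in /tmp inherits the directory's type, execution is granted only by explicit allow rules, and running a properly labeled script moves the interpreter into a new domain. All type names and rules below are constructed for illustration and are not a real policy module.

```python
"""Minimal model of SELinux type enforcement for the /tmp scenario.

Constructed for illustration: the rules and type names mimic SELinux
conventions but are not a reference-policy module.  Real SELinux also
checks users, roles and MLS levels, which this model leaves out."""

# allow rules: (source domain, target type, object class, permission)
ALLOW = {
    ("httpd_t", "tmp_t", "dir", "write"),                  # server may write into /tmp
    ("httpd_t", "httpd_script_exec_t", "file", "execute"),  # may exec labeled scripts
    ("httpd_script_t", "httpd_script_exec_t", "file", "entrypoint"),
    ("httpd_t", "httpd_script_t", "process", "transition"),
    # Deliberately absent: ("httpd_t", "tmp_t", "file", "execute")
}

# process type_transition: (source domain, executed file type) -> new domain
DOMAIN_TRANSITION = {("httpd_t", "httpd_script_exec_t"): "httpd_script_t"}


def allowed(source, target, cls, perm):
    return (source, target, cls, perm) in ALLOW


def create_file(domain, dir_type):
    """A new file takes its parent directory's type (the SELinux default
    when no file type_transition rule applies).  Returns the file's type."""
    if not allowed(domain, dir_type, "dir", "write"):
        raise PermissionError(f"{domain} may not create files in {dir_type}")
    return dir_type


def execute(domain, file_type):
    """Return the domain a process runs in after executing file_type,
    or None if the execve is denied by policy."""
    if not allowed(domain, file_type, "file", "execute"):
        return None
    new_domain = DOMAIN_TRANSITION.get((domain, file_type))
    if new_domain is None:
        # No transition defined: staying in the caller's domain needs execute_no_trans.
        return domain if allowed(domain, file_type, "file", "execute_no_trans") else None
    if not allowed(domain, new_domain, "process", "transition"):
        return None
    if not allowed(new_domain, file_type, "file", "entrypoint"):
        return None
    return new_domain


if __name__ == "__main__":
    dropped = create_file("httpd_t", "tmp_t")  # attacker-written file lands as tmp_t
    print("file in /tmp labeled", dropped, "-> exec result:", execute("httpd_t", dropped))
    print("labeled script -> exec result:", execute("httpd_t", "httpd_script_exec_t"))
```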
Lots of folks criticize SE Linux as being ``too complex.'' I tend to
agree with Stephen Smalley, that SE Linux simply exposes the existing
complexity of a complete Linux operating environment, and it provides
a powerful tool for managing the security of that system to whatever
degree you require.
It really is a trade-off between security and usability. Beware that
hiding the complexity of a system for the mere sake of usability can
lead to subtle security vulnerabilities, rendering the security
mechanism ultimately useless.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
"To prohibit sharing software is to cut the bonds of society."
- Richard Stallman