[lug] Signs of hacking (was ARRG! Change One Little Thing And... HACKED?

Michael Belanger mrb at ciclops.org
Tue Aug 16 11:46:26 MDT 2005


Bear Giles wrote:
> Michael Belanger wrote:
> 
>>Remember to only allow exec and suid from valid filesystems like /usr. 
>>DON'T let TMP do suid or exec!! This is the easiest path towards rootkit.
>>
>> /tmp       loop,noexec,nosuid,rw
> 
> 
> Some package installers break if /tmp has noexec set.  They try to
> be clever and use a meta-installer that builds the actual
> installer on the fly.
> 

Use an alternate package installer?


> I would use the tmpfs device instead of looping to a real file.
> That way you're 100% certain that the directory is purged after
> every reboot.

Brilliant.. I will be doing this as well.






-- 
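
A check for the mount options recommended in this thread, as an added example that is not part of the original message: it reads a mount table in /proc/mounts format and reports temp-style mount points that lack noexec or nosuid. The targets beyond /tmp, the function names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit world-writable mount points for noexec/nosuid.
# Input is /proc/mounts format: device mountpoint fstype options dump pass
AUDIT_TARGETS="/tmp /var/tmp /dev/shm"   # assumption: usual temp locations

# has_opt OPTIONS NAME: succeeds if NAME is in the comma-separated OPTIONS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts [FILE]: print one line per finding; fail if there are any
audit_mounts() {
    mounts_file="${1:-/proc/mounts}"
    findings=0
    for target in $AUDIT_TARGETS; do
        # The last entry for a mount point is the one currently visible.
        line=$(awk -v t="$target" '$2 == t { l = $0 } END { print l }' "$mounts_file")
        if [ -z "$line" ]; then
            echo "$target: not a separate mount, options come from its parent"
            findings=$((findings + 1))
            continue
        fi
        fstype=$(echo "$line" | awk '{ print $3 }')
        opts=$(echo "$line" | awk '{ print $4 }')
        for want in noexec nosuid; do
            if ! has_opt "$opts" "$want"; then
                echo "$target: missing $want ($fstype, options: $opts)"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
/dev/sda3 /var/tmp ext3 rw,nosuid 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
}

# Audit the live table only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_mounts /proc/mounts; fi
```
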


