[lug] Signs of hacking (was ARRG! Change One Little Thing And... HACKED?
Michael Belanger
mrb at ciclops.org
Tue Aug 16 11:46:26 MDT 2005
Bear Giles wrote:
> Michael Belanger wrote:
>
>>Remember to only allow exec and suid from valid filesystems like /usr.
>>DON'T let TMP do suid or exec!! This is the easiest path towards a rootkit.
>>
>> /tmp loop,noexec,nosuid,rw
>
>
> Some package installers break if /tmp has noexec set. They try to
> be clever and use a meta-installer that builds the actual
> installer on the fly.
>
Use an alternate package installer?
> I would use the tmpfs device instead of looping to a real file.
> That way you're 100% certain that the directory is purged after
> every reboot.
Brilliant.. I will be doing this as well.
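A check for the settings discussed in this thread, as an added example that is not part of the original posts: a POSIX shell function that reads a mount table in /proc/mounts format and reports whether /tmp carries noexec and nosuid, and whether it is tmpfs. The function name audit_mount and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount point for the options discussed in the thread.
# Reads a mount table in /proc/mounts format on stdin.
# Exit status: 0 = noexec and nosuid both set, 1 = an option is missing,
# 2 = the path is not a separate mount at all.
audit_mount() {
    mp=$1
    # The last matching line wins: a later mount shadows an earlier one.
    fields=$(awk -v mp="$mp" '$2 == mp { r = $3 " " $4 } END { print r }')
    if [ -z "$fields" ]; then
        echo "FAIL: $mp is not its own mount; it inherits the parent's options"
        return 2
    fi
    fstype=${fields%% *}
    opts=${fields#* }
    st=0
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) echo "ok:   $mp has $want" ;;
            *)           echo "FAIL: $mp lacks $want"; st=1 ;;
        esac
    done
    if [ "$fstype" = tmpfs ]; then
        echo "ok:   $mp is tmpfs, so it is empty after every reboot"
    else
        echo "note: $mp is $fstype, so its files survive a reboot"
    fi
    return "$st"
}

# Constructed sample mount tables (not taken from any real host).
SAMPLE_TMPFS='tmpfs /tmp tmpfs rw,noexec,nosuid 0 0'
SAMPLE_LOOP='/dev/loop0 /tmp ext3 rw,noexec,nosuid 0 0'
SAMPLE_NOMOUNT='/dev/hda1 / ext3 rw 0 0'
SAMPLE_SHADOWED='tmpfs /tmp tmpfs rw,noexec,nosuid 0 0
/dev/hda3 /tmp ext3 rw 0 0'

for sample in "$SAMPLE_TMPFS" "$SAMPLE_LOOP" "$SAMPLE_NOMOUNT" "$SAMPLE_SHADOWED"; do
    printf '%s\n' "$sample" | audit_mount /tmp || echo "=> exit status $?"
    echo
done
# On a live Linux host: audit_mount /tmp < /proc/mounts
```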