[Gllug] apt/dpkg woes
Pete Ryland
pdr at pdr.cx
Thu Jun 28 09:58:55 UTC 2007
On 27/06/07, Russell Howe <rhowe at siksai.co.uk> wrote:
> On Wed, Jun 27, 2007 at 08:11:09PM +0100, Tethys wrote:
> > We have a winner -- /var was mounted noexec. It's a simple security
> > measure, intended to stop a malicious intruder from making a temporary
> > file in /var and running it. However, it tends to be foiled if your
> > package manager relies on being able to run scripts there. Ho hum...
The location of that directory is configurable. Where do you think
would be a better location for it?
> Not to mention wanting to run scripts from /tmp...
Next you'll want to have /home noexec too! :-)
In any case, an attacker wanting to run a script from these places can
still just run "sh scriptname" anyway.
Pete
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list