[Gllug] apt/dpkg woes

Pete Ryland pdr at pdr.cx
Thu Jun 28 09:58:55 UTC 2007

On 27/06/07, Russell Howe <rhowe at siksai.co.uk> wrote:
> On Wed, Jun 27, 2007 at 08:11:09PM +0100, Tethys wrote:
> > We have a winner -- /var was mounted noexec. It's a simple security
> > measure, intended to stop a malicious intruder from making a temporary
> > file in /var and running it. However, it tends to be foiled if your
> > package manager relies on being able to run scripts there. Ho hum...

The location of that directory is configurable.  Where do you think
would be a better location for it?

> Not to mention wanting to run scripts from /tmp...

Next you'll want to have /home noexec too! :-)

In any case, an attacker wanting to run a script from these places can
still just run "sh scriptname" anyway.

Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list