(dv):Noexec and /tmp troubleshooting
- This page was last modified on December 15, 2010, at 18:58.
From (mt) Community Wiki
Many simple exploits used against machines (via vulnerable PHP applications, local users, etc.) rely upon being able to execute commands in /tmp. As a security precaution, /tmp is mounted with noexec. This is a good thing and should generally stay this way. There are some circumstances, however, where you may need to have /tmp executable.
Instructions
You can remount /tmp to make it executable by issuing the following command:
mount -o remount,exec /tmp
Once you're done, it's good practice to set /tmp back to noexec:
mount -o remount,noexec /tmp
If you are using the C compiler, you may also need to remount /var/tmp. Otherwise, you may get an error similar to the following:
checking whether the C compiler works... configure: error: cannot run C compiled programs.
mount takes one mount point per invocation, so /tmp and /var/tmp are remounted with exec separately:
mount -o remount,exec /tmp
mount -o remount,exec /var/tmp
And to remount both with noexec:
mount -o remount,noexec /tmp
mount -o remount,noexec /var/tmp
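As an added example (not part of the wiki page), a small POSIX shell script that checks whether /tmp and /var/tmp still carry noexec by parsing /proc/mounts, so you can confirm that the remount back to noexec actually took effect. The sample mounts listing and the /dev/simfs device name in it are constructed for the demo.

```shell
#!/bin/sh
# Added example (not the (mt) wiki's own code): verify that a mount point
# still carries noexec, e.g. after "mount -o remount,noexec /tmp".
# Reads /proc/mounts unless a mounts file is given (handy for testing).

# mount_opts MOUNTPOINT [MOUNTS_FILE]: print the option list of the last
# (i.e. topmost) mount entry for MOUNTPOINT, or nothing if not mounted.
mount_opts() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # field 2 is the mount point, field 4 the comma-separated options
    awk -v mp="$mp" '$2 == mp { opts = $4 } END { print opts }' "$mounts"
}

# has_noexec MOUNTPOINT [MOUNTS_FILE]: 0 if mounted noexec, 1 if it is
# not a mount point at all or allows execution.
has_noexec() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_tmp_dirs [MOUNTS_FILE]: report /tmp and /var/tmp; the return
# value is the number of directories that currently allow execution.
audit_tmp_dirs() {
    bad=0
    for d in /tmp /var/tmp; do
        if has_noexec "$d" "$1"; then
            echo "$d: noexec"
        else
            echo "$d: exec allowed (fix: mount -o remount,noexec $d)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed /proc/mounts sample: /tmp locked down, /var/tmp not.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/simfs / reiserfs rw,relatime 0 0
none /tmp tmpfs rw,nosuid,noexec,relatime 0 0
none /var/tmp tmpfs rw,relatime 0 0
EOF
audit_tmp_dirs "$SAMPLE" && rc=0 || rc=$?
echo "directories allowing execution: $rc"; rm -f "$SAMPLE"
```

Run it without arguments on the server to audit the live /proc/mounts; a non-zero exit status means at least one of the two directories is still executable.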
Chrooted /tmp directory
There is also a newer method that ensures that no processes currently accessing /tmp are interrupted in any way. It also ensures that the /tmp that allows execution is never accessible to currently running processes, which limits your exposure to possible exploits.
First, create a chrooted environment that contains a tmp directory that allows file execution:
root@ve01:~# mkdir -p /root/chroot /root/tmp
root@ve01:~# mount --bind / /root/chroot
root@ve01:~# mount --bind /root/tmp /root/chroot/tmp
root@ve01:~#
Next chroot into the environment you created.
root@ve01:~# chroot /root/chroot
root@ve01:/#
At this point, you are in the chrooted environment and can run any commands you need to. When you are done, simply type the command 'exit'.
root@ve01:/# exit
exit
root@ve01:~#
Now you are back to your normal environment.