[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE webserver

To: "suse-security@xxxxxxxx" <suse-security@xxxxxxxx>
Subject: Re: [suse-security] SuSE webserver
From: nordi <nordi@xxxxxxxxx>
Date: Wed, 14 Jul 2004 14:39:29 +0200
Delivered-to: mailing list suse-security@xxxxxxxx
In-reply-to: <40F4D0F9.1070203@xxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <ICELJOHAGNAFJPFMMBKOMENACMAA.thomas.knight@xxxxxxxxxx> <40F43D32.3070201@xxxxxxxxxxx> <40F4551F.2010706@xxxxxxxxx> <40F456B4.6020705@xxxxxxxxxxx> <40F46279.2020009@xxxxxxxxx> <40F46E9C.1080004@xxxxxxxxxxx> <20040714002339.5yo4k8048oo0ksg4@xxxxxx> <40F4D0F9.1070203@xxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Philippe Vogel wrote:
> /dev/hda6      /tmp           ext2 rw,nosuid,nodev,noexec 1 2

Mounting /tmp as "noexec" could break stuff. Although I agree thatnobody should run _any_ programs from /tmp, I have seen 2 programs thatdo expect stuff in /tmp to be executable.



> 4) Use secumod to prevent creation of sym- and hardlinks. There are
> other kernelpatches/-modules out there doing the same.

You should definitely NOT use secumod for that. I once tried it out andit crashed as soon as I got some heavy disk I/O. When I reported this toSuSE they said "Hm, we do not support this module anymore... the code istotally broken." which says everything.



nordi


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] SuSE webserver
  - From: Stefan Fritsch

References:
- RE: [suse-security] SuSE webserver
  - From: Tom Knight
- Re: [suse-security] SuSE webserver
  - From: John Richard Moser
- Re: [suse-security] SuSE webserver
  - From: nordi
- Re: [suse-security] SuSE webserver
  - From: John Richard Moser
- Re: [suse-security] SuSE webserver
  - From: nordi
- Re: [suse-security] SuSE webserver
  - From: John Richard Moser
- Re: [suse-security] SuSE webserver
  - From: suse
- Re: [suse-security] SuSE webserver
  - From: Philippe Vogel

Prev by Date: Re: [suse-security] SuSE webserver
Next by Date: Re: [suse-security] SuSE webserver
Previous by thread: Re: [suse-security] SuSE webserver
Next by thread: Re: [suse-security] SuSE webserver
Index(es):
- Date
- Thread