[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE webserver

Philippe Vogel wrote:
> /dev/hda6      /tmp           ext2 rw,nosuid,nodev,noexec 1 2

Mounting /tmp as "noexec" could break stuff. Although I agree that nobody should run _any_ programs from /tmp, I have seen 2 programs that do expect stuff in /tmp to be executable.

> 4) Use secumod to prevent creation of sym- and hardlinks. There are
> other kernelpatches/-modules out there doing the same.

You should definitely NOT use secumod for that. I once tried it out and it crashed as soon as I got some heavy disk I/O. When I reported this to SuSE they said "Hm, we do not support this module anymore... the code is totally broken." which says everything.


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here