[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE webserver



Philippe Vogel wrote:
> /dev/hda6      /tmp           ext2 rw,nosuid,nodev,noexec 1 2

Mounting /tmp as "noexec" could break stuff. Although I agree that nobody should run _any_ programs from /tmp, I have seen 2 programs that do expect stuff in /tmp to be executable.


> 4) Use secumod to prevent creation of sym- and hardlinks. There are
> other kernelpatches/-modules out there doing the same.

You should definitely NOT use secumod for that. I once tried it out and it crashed as soon as I got some heavy disk I/O. When I reported this to SuSE they said "Hm, we do not support this module anymore... the code is totally broken." which says everything.


nordi


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here