Date: Mon, 29 Sep 2003 11:27:42 -0700 (MST)
Sender: sawilson@vicious.FreeBSD.ORG
To: freebsd-stable@freebsd.org
Subject: Make World bombs with noexec on /tmp

Hey there,

It's common practice to mount /tmp noexec if you are a commercial webhosting provider because 99 percent of all script kiddies won't know what to do when they try to compile crap in /tmp.

Make world apparently tries to exec some code in /tmp specifically here:

mkdir -p /tmp/install.57568
for prog in [ awk cap_mkdb cat chflags chmod chown date echo egrep find grep ln make makewhatis mkdir mtree mv perl pwd_mkdb rm sed sh sysctl test true uname wc zic; do cp `which $prog` /tmp/install.57568; done
cd /usr/src; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=i386 MACHINE=i386 OBJFORMAT_PATH=/usr/obj/usr/src/i386/usr/libexec PERL5LIB=/usr/obj/usr/src/i386/usr/libdata/perl/5.00503 GROFF_BIN_PATH=/usr/obj/usr/src/i386/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/i386/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/i386/usr/share/tmac PATH=/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.57568 make -f Makefile.inc1 reinstall
make: permission denied
*** Error code 126

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.

Not that this is that big of a deal. I'll kludge together a script that does a remount dance with /tmp. I'm just wondering how smart it is to run stuff from /tmp is all.

Best Regards,
7
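
Added example, not part of the original post: a pre-flight check for the failure shown above, which reports whether a directory is mounted noexec and whether a binary copied into it (as the install step does) can actually run. The function names and the sample mount lines are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Constructed sample of BSD-style `mount` output (not taken from the post).
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1g on /usr (ufs, local, soft-updates)'

# mount_has_noexec MOUNTPOINT
# Reads `mount` output on stdin; returns 0 if MOUNTPOINT carries noexec.
# Field 3 is the mount point in both the BSD and the Linux output layout.
mount_has_noexec() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            opts = $0
            sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
            sub(/\).*$/, "", opts)      # drop ")" and what follows
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) if (o[i] == "noexec") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# can_exec_in DIR
# Functional probe mirroring the install step: copy a binary into a fresh
# subdirectory of DIR and run it. Returns 0 if it ran, 1 if exec was
# refused (the "Error code 126" case) or the probe could not be created.
can_exec_in() {
    probe_dir=$(mktemp -d "$1/execprobe.XXXXXX" 2>/dev/null) || return 1
    if cp /bin/sh "$probe_dir/sh" 2>/dev/null &&
       "$probe_dir/sh" -c : 2>/dev/null; then probe_rc=0; else probe_rc=1; fi
    rm -rf "$probe_dir"
    return "$probe_rc"
}

# preflight DIR: run both checks against the live system before an install.
preflight() {
    if mount | mount_has_noexec "$1"; then echo "$1 is mounted noexec"; fi
    if can_exec_in "$1"; then echo "$1: exec ok"
    else echo "$1: exec refused or probe failed"; return 1; fi
}

# Demonstration on the constructed sample only; touches nothing on disk.
printf '%s\n' "$SAMPLE_MOUNT" | mount_has_noexec /tmp &&
    echo "sample: /tmp is mounted noexec"
```

Calling `preflight /tmp` runs both checks on the real system; the mount-table check alone can miss restrictions the functional probe catches.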