Date:      Mon, 25 Jul 2005 16:13:44 -0700
From:      Roman Volf <volfman@keystreams.com>
To:        Thomas Krause <freebsd-isp@chef-ingenieur.de>,  freebsd-isp@freebsd.org
Subject:   Re: preventing a user to start a process
Message-ID:  <42E57228.6010506@keystreams.com>
In-Reply-To: <42E57187.50503@chef-ingenieur.de>
References:  <42E54654.1090705@chef-ingenieur.de>	<42E549E7.4070606@centtech.com> <42E57187.50503@chef-ingenieur.de>

Thomas Krause wrote:

>
> the daemon was
> - downloaded
> - extracted
> - started
>
> by user www in dir /var/tmp, which has permission 1777
>
> Regards,
> Thomas.
>
Remount /tmp with the nosuid,noexec flags.
rm -rf /var/tmp
ln -s /tmp /var/tmp

This will prevent a program from being executed from /tmp. However, if
they upload a Perl script, they can still execute perl /tmp/script.


-- 
Roman Volf
Keystreams Internet Solutions
volfman@keystreams.com
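
An added example, not part of the original message: a small audit that checks whether the hardening described above is actually in effect, by parsing FreeBSD-style `mount` output for the noexec and nosuid flags on /tmp and confirming that /var/tmp is a symlink to /tmp. The function names and the sample `mount` lines (including the device names) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `mount` output ("<dev> on <mountpoint> (<opts>)").
# Here /tmp still lacks noexec, so the audit should flag it.
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /tmp (ufs, local, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, soft-updates)'

# Print the options of mount point $1, one per line; reads `mount` output on stdin.
mount_opts() {
    awk -v mp="$1" '$2 == "on" && $3 == mp {
        sub(/^[^(]*\(/, ""); sub(/\).*$/, "")
        n = split($0, o, /, */)
        for (i = 1; i <= n; i++) print o[i]
    }'
}

# Print every required flag that is missing from mount point $1.
# Returns 0 if all are present, 1 if any is missing, 2 if $1 is not a mount point.
missing_flags() {
    mp=$1; shift
    opts=$(mount_opts "$mp")
    [ -n "$opts" ] || { echo "not-mounted"; return 2; }
    rc=0
    for flag in "$@"; do
        printf '%s\n' "$opts" | grep -qxF -- "$flag" || { echo "$flag"; rc=1; }
    done
    return $rc
}

# Return 0 if $1 is a symlink whose target is exactly $2.
links_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Audit the constructed sample; on a live host, pipe `mount` in instead.
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNT" | missing_flags /tmp noexec nosuid
}

# Demo: report what the sample is missing (prints "noexec").
audit_sample || true
```

On a live system the same checks would be `mount | missing_flags /tmp noexec nosuid` and `links_to /var/tmp /tmp`.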



