From owner-freebsd-isp@FreeBSD.ORG Mon Jul 25 23:13:48 2005
From: Roman Volf
To: Thomas Krause, freebsd-isp@freebsd.org
Date: Mon, 25 Jul 2005 16:13:44 -0700
Subject: Re: preventing a user to start a process
Message-ID: <42E57228.6010506@keystreams.com>
In-Reply-To: <42E57187.50503@chef-ingenieur.de>
References: <42E54654.1090705@chef-ingenieur.de> <42E549E7.4070606@centtech.com> <42E57187.50503@chef-ingenieur.de>
List-Id: Internet Services Providers

Thomas Krause wrote:
>
> the daemon was
> - downloaded
> - extracted
> - started
>
> by user www in dir /var/tmp, which has permission 1777
>
> Regards,
> Thomas.
>

Remount /tmp with the nosuid,noexec flags, then:

rm -rf /var/tmp
ln -s /tmp /var/tmp

This will prevent a program from being executed from /tmp. However, if they upload a perl script they can still execute perl /tmp/script.

--
Roman Volf
Keystreams Internet Solutions
volfman@keystreams.com
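An added example, not code from Roman's reply or from FreeBSD itself: a POSIX shell audit that parses mount(8)-style output and reports whether the noexec and nosuid flags are set on the temp filesystems the reply hardens. It runs on a constructed sample assumed to mimic FreeBSD's "device on path (options)" format; on a real host substitute "$(mount)" for SAMPLE_MOUNTS.

```shell
#!/bin/sh
# Added example (not part of the original thread): check a mount table for
# the noexec/nosuid flags the reply recommends on /tmp. The sample below is
# constructed and assumed to follow FreeBSD mount(8) output formatting.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local, soft-updates)
/dev/ad0s1e on /tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1f on /var (ufs, local, soft-updates)'

# mount_flags MOUNTS PATH: print the option list for mount point PATH;
# return 1 if PATH is not a mount point in MOUNTS.
mount_flags() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $3 == p { sub(/^[^(]*\(/, ""); sub(/\)$/, ""); print; found = 1 }
        END { exit found ? 0 : 1 }'
}

# has_flag MOUNTS PATH FLAG: return 0 if FLAG is among PATH's options.
has_flag() {
    flags=$(mount_flags "$1" "$2") || return 1
    printf '%s\n' "$flags" | tr -d ' ' | tr ',' '\n' | grep -qx "$3"
}

# check_tmp MOUNTS PATH: report each flag; return 0 only if both are set.
check_tmp() {
    rc=0
    for f in noexec nosuid; do
        if has_flag "$1" "$2" "$f"; then
            echo "$2: $f set"
        else
            echo "$2: $f MISSING"
            rc=1
        fi
    done
    return $rc
}

check_tmp "$SAMPLE_MOUNTS" /tmp
# /var/tmp inherits /var's flags unless it is symlinked to /tmp as above.
check_tmp "$SAMPLE_MOUNTS" /var || echo "note: /var/tmp is not covered"
```

The flags only stop direct execution from the filesystem; as the reply notes, a script handed to an interpreter the www user can already run is unaffected, which is a question of what that account may invoke, not of mount options.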