Date: Mon, 29 Sep 2003 11:27:42 -0700 (MST)
From: <sevn@dangpow.com>
To: freebsd-stable@freebsd.org
Subject: Make World bombs with noexec on /tmp
Message-ID: <XFMail.20030929112742.sevn@dangpow.com>

Hey there,

It's common practice to mount /tmp noexec if you are a commercial webhosting provider because 99 percent of all script kiddies won't know what to do when they try to compile crap in /tmp. Make world apparently tries to exec some code in /tmp specifically here:

mkdir -p /tmp/install.57568
for prog in [ awk cap_mkdb cat chflags chmod chown date echo egrep find grep ln make makewhatis mkdir mtree mv perl pwd_mkdb rm sed sh sysctl test true uname wc zic; do cp `which $prog` /tmp/install.57568; done
cd /usr/src; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=i386 MACHINE=i386 OBJFORMAT_PATH=/usr/obj/usr/src/i386/usr/libexec PERL5LIB=/usr/obj/usr/src/i386/usr/libdata/perl/5.00503 GROFF_BIN_PATH=/usr/obj/usr/src/i386/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/i386/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/i386/usr/share/tmac PATH=/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/src/i386/usr/games:/tmp/install.57568 make -f Makefile.inc1 reinstall
make: permission denied
*** Error code 126

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.

Not that this is that big of a deal. I'll kludge together a script that does a remount dance with /tmp. I'm just wondering how smart it is to run stuff from /tmp is all.

Best Regards,
7
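
A pre-flight check for the failure reported above, as an added example that is not part of the original e-mail: it parses text in the format printed by FreeBSD mount(8) and reports whether the directory where the install tools would be staged sits on a noexec filesystem. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: is an install staging directory on a noexec filesystem?
# Input text is in the format printed by FreeBSD mount(8), e.g.
#   /dev/ad0s1e on /tmp (ufs, local, noexec)

# Constructed sample mount table (not taken from the poster's machine).
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, soft-updates)
/dev/ad0s1g on /var (ufs, local, soft-updates)
procfs on /proc (procfs, local)'

# mount_entry_for PATH MOUNT_TEXT (hypothetical helper)
# Prints "<mount point><TAB><options>" for the filesystem holding PATH,
# chosen as the longest mount point that is a whole-component prefix.
mount_entry_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
    {
        s = index($0, " on "); o = index($0, " (")
        if (s == 0 || o <= s + 4) next          # not a mount(8) line
        mp = substr($0, s + 4, o - s - 4)
        opts = substr($0, o + 2); sub(/\)$/, "", opts)
        if (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (length(mp) > best) { best = length(mp); bmp = mp; bopts = opts }
    }
    END { if (best) print bmp "\t" bopts }'
}

# is_noexec PATH MOUNT_TEXT: exit status 0 if PATH's filesystem has noexec.
is_noexec() {
    opts=$(mount_entry_for "$1" "$2" | cut -f2)
    case ", $opts," in
        *", noexec,"*) return 0 ;;
    esac
    return 1
}

# Demo on the sample; on a live host pass "$(mount)" as the second argument.
for dir in /tmp/install.57568 /var/tmp/install.57568; do
    if is_noexec "$dir" "$SAMPLE_MOUNTS"; then
        echo "$dir: noexec, tools copied here cannot be executed"
    else
        echo "$dir: exec allowed"
    fi
done
```

Running the check before the install step turns the mid-run "permission denied" into an up-front message, so any remount of /tmp can be done deliberately and reverted afterwards.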