Com fer /tmp noexec

Per a prevenir-se de possibles atacs d'scripts pujats des del web a la carpeta /tmp, una bona manera és fent que /tmp no sigui apta per a l'execució d'scripts.

Seguint les pases indicades a RimuHostin aconseguirem aplicar fàcilment aquesta mesura de seguretat.

# create a 10MB block device which will be the /tmp file system
cd /root
dd if=/dev/zero of=/root/tmpMnt bs=1024 count=10000
mkfs.ext3 -F /root/tmpMnt
# mount it at /tmp
mv /tmp /tmp.backup
mkdir /tmp
mount -o loop,noexec,nosuid,rw /root/tmpMnt /tmp
chmod 0777 /tmp
# make it so it is used on boot up
if ! grep -qai tmpMnt /etc/fstab ; then
echo "/root/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab
fi
# check your syntax is ok
mount -a
# check that programs in /tmp will not run
cp /bin/ls /tmp/
/tmp/ls