Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Is /tmp secure?

Discussion in 'General Discussion' started by Eli L, Apr 25, 2012.

  1. Eli L

    Eli L Well-Known Member

    Joined:
    Aug 9, 2007
    Messages:
    61
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Bellingham, Washington, United States
    cPanel Access Level:
    Root Administrator
    I just got a new server and have mounted my /tmp with "noexec,nosuid,nodev" but when I create a simple hello.sh file and run it in /tmp with "sh hello.sh" it executes fine. Its only denied when I run it as "./hello.sh".

    Does this mean the partition is not secure?

    Heres my stuff:

    Code:
    root@tesla [~]# mount
    /dev/sda5 on / type ext4 (rw,usrquota)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
    /dev/sda1 on /boot type ext4 (rw)
    /dev/sda3 on /tmp type ext4 (rw,noexec,nosuid,nodev)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /tmp on /var/tmp type none (rw,noexec,nosuid,bind)
    Code:
    root@tesla [~]# cat /etc/fstab
    
    #
    # /etc/fstab
    # Created by anaconda on Tue Apr 24 21:49:48 2012
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    UUID=3f56f89a-4b36-474d-9b24-94a4aef85ea2	/	ext4	defaults,usrquota	1	1
    UUID=980791a7-58bf-4ea0-a8ea-87f5af5e98a0 /boot                   ext4    defaults        1 2
    UUID=5c17fa0e-55c7-4e4d-94a7-64c4791cfc32 /tmp                    ext4    defaults,nosuid,noexec,nodev        1 2
    UUID=21796b13-61dd-4d7c-a2a5-2c93067ce1a1 swap                    swap    defaults        0 0
    tmpfs                   /dev/shm                tmpfs   defaults,nosuid,noexec,nodev        0 0
    devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
    sysfs                   /sys                    sysfs   defaults        0 0
    proc                    /proc                   proc    defaults        0 0
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. NetMantis

    NetMantis BANNED

    Joined:
    Apr 22, 2012
    Messages:
    116
    Likes Received:
    1
    Trophy Points:
    66
    Location:
    Utah
    cPanel Access Level:
    DataCenter Provider
    The partition is working correctly. What you have here is you found a loophole.

    Calling the script file directly, you are running the script as a shell script which of course gets denied but when you prefix with the shell program "sh", it's technically not a script file but rather just a text file just being interpreted by a shell processor which requires no execute permissions to run because it's "not a script".

    That could potentially be a very substantial security problem.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice