The Community Forums


Is /tmp secure?

Discussion in 'General Discussion' started by Eli L, Apr 25, 2012.

  1. Eli L

    Eli L Well-Known Member

    Aug 9, 2007
    Bellingham, Washington, United States
    cPanel Access Level:
    Root Administrator
    I just got a new server and have mounted my /tmp with "noexec,nosuid,nodev", but when I create a simple file and run it in /tmp with "sh" it executes fine. It's only denied when I run it as "./".

    Does this mean the partition is not secure?

    Here's my stuff:

    root@tesla [~]# mount
    /dev/sda5 on / type ext4 (rw,usrquota)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
    /dev/sda1 on /boot type ext4 (rw)
    /dev/sda3 on /tmp type ext4 (rw,noexec,nosuid,nodev)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /tmp on /var/tmp type none (rw,noexec,nosuid,bind)
    root@tesla [~]# cat /etc/fstab
    # /etc/fstab
    # Created by anaconda on Tue Apr 24 21:49:48 2012
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    UUID=3f56f89a-4b36-474d-9b24-94a4aef85ea2 /                       ext4    defaults,usrquota   1 1
    UUID=980791a7-58bf-4ea0-a8ea-87f5af5e98a0 /boot                   ext4    defaults        1 2
    UUID=5c17fa0e-55c7-4e4d-94a7-64c4791cfc32 /tmp                    ext4    defaults,nosuid,noexec,nodev        1 2
    UUID=21796b13-61dd-4d7c-a2a5-2c93067ce1a1 swap                    swap    defaults        0 0
    tmpfs                   /dev/shm                tmpfs   defaults,nosuid,noexec,nodev        0 0
    devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
    sysfs                   /sys                    sysfs   defaults        0 0
    proc                    /proc                   proc    defaults        0 0
  2. NetMantis

    NetMantis BANNED

    Apr 22, 2012
    cPanel Access Level:
    DataCenter Provider
    The partition is working correctly. What you have here is that you've found a loophole.

    Calling the script file directly, you are running it as a shell script, which of course gets denied; but when you prefix it with the shell program "sh", it's technically not a script file but rather just a text file being interpreted by a shell processor, which requires no execute permissions to run because it's "not a script".

    That could potentially be a very substantial security problem.
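The two checks a practitioner would actually run on the situation in this thread, as an added example (not code from either poster): first, parse mount(8)-style output and report which of noexec/nosuid/nodev each temp mount really carries, using the `mount` output from the first post as embedded sample input; second, probe a directory the way the original poster did (`./script` versus `sh script`). The probe shows the mechanism behind the "loophole": `noexec` makes the kernel refuse the execve() of a file on that mount, but `sh script` only read()s the file, so an interpreter runs it regardless of mount options. The function names (`mount_opts`, `has_opt`, `missing_opts`, `probe_dir`) are this example's own.

```shell
#!/bin/sh
# Added example, not code from the forum thread.
# SAMPLE_MOUNTS is the poster's `mount` output (temp-related lines only),
# embedded here as constructed sample input so the checks run offline.
SAMPLE_MOUNTS='/dev/sda5 on / type ext4 (rw,usrquota)
tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
/dev/sda3 on /tmp type ext4 (rw,noexec,nosuid,nodev)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)'

# mount_opts MOUNTPOINT [TEXT]: print the comma-separated option list
# recorded for MOUNTPOINT in mount(8)-style output (default: the sample).
# Field layout is "DEV on MOUNTPOINT type FSTYPE (opts)", so $3 and $6.
mount_opts() {
    printf '%s\n' "${2:-$SAMPLE_MOUNTS}" |
        awk -v mp="$1" '$3 == mp { gsub(/[()]/, "", $6); print $6 }'
}

# has_opt MOUNTPOINT OPT [TEXT]: succeed (0) if OPT is among the options.
has_opt() {
    case ",$(mount_opts "$1" "${3:-$SAMPLE_MOUNTS}")," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# missing_opts MOUNTPOINT [TEXT]: print which of noexec/nosuid/nodev the
# mount lacks, space-separated; prints an empty line when none is missing.
missing_opts() {
    out=""
    for o in noexec nosuid nodev; do
        has_opt "$1" "$o" "${2:-$SAMPLE_MOUNTS}" || out="$out $o"
    done
    printf '%s\n' "${out# }"
}

# probe_dir DIR: drop a one-line script into DIR and try it both ways.
# Prints "direct=ok|denied interp=ok|denied". On a noexec mount the
# execve() of ./script fails (direct=denied), while "sh script" succeeds
# because the shell merely reads the file; on an ordinary mount both are ok.
probe_dir() {
    f="$1/noexec_probe.$$"
    printf '#!/bin/sh\necho probe-ran\n' > "$f"
    chmod 755 "$f"
    if [ "$("$f" 2>/dev/null)" = "probe-ran" ]; then d=ok; else d=denied; fi
    if [ "$(sh "$f" 2>/dev/null)" = "probe-ran" ]; then i=ok; else i=denied; fi
    rm -f "$f"
    printf 'direct=%s interp=%s\n' "$d" "$i"
}

# Report on the sample: note that the /var/tmp bind mount line shows no
# nodev, which the parser surfaces as a finding.
for mp in /tmp /var/tmp /dev/shm; do
    m=$(missing_opts "$mp")
    printf '%-9s opts=%-26s missing=%s\n' "$mp" "$(mount_opts "$mp")" "${m:-none}"
done
# Probe the live temp directory of whatever host runs this.
probe_dir "${TMPDIR:-/tmp}"
```

To audit a real host instead of the sample, pass `"$(mount)"` as the TEXT argument (for example `missing_opts /tmp "$(mount)"`), and run `probe_dir /tmp` as an unprivileged user: the hardening you are buying with `noexec` is against direct execution (and `nosuid` against setuid binaries dropped there), not against `sh /tmp/x`, `perl /tmp/x` or any other interpreter an attacker already has access to.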
