Make World bombs with noexec on /tmp

sevn at dangpow.com
Mon Sep 29 11:30:20 PDT 2003


Hey there,


      It's common practice to mount /tmp noexec if you are a commercial
webhosting provider because 99 percent of all script kiddies won't know what to
do when they try to compile crap in /tmp. Make world apparently tries to exec
some code in /tmp specifically here:


mkdir -p /tmp/install.57568
for prog in [ awk cap_mkdb cat chflags chmod chown  date echo egrep find grep 
ln make makewhatis mkdir mtree mv perl pwd_mkdb rm sed sh sysctl  test true
uname wc zic; do  cp `which $prog` /tmp/install.57568;  done
cd /usr/src; MAKEOBJDIRPREFIX=/usr/obj  MACHINE_ARCH=i386  MACHINE=i386 
OBJFORMAT_PATH=/usr/obj/usr/src/i386/usr/libexec 
PERL5LIB=/usr/obj/usr/src/i386/usr/libdata/perl/5.00503 
GROFF_BIN_PATH=/usr/obj/usr/src/i386/usr/bin 
GROFF_FONT_PATH=/usr/obj/usr/src/i386/usr/share/groff_font 
GROFF_TMAC_PATH=/usr/obj/usr/src/i386/usr/share/tmac 
PATH=/usr/obj/usr/src/i386/usr/sbin:/usr/obj/usr/src/i386/usr/bin:/usr/obj/usr/s
rc/i386/usr/games:/tmp/install.57568 make -f Makefile.inc1 reinstall
make: permission denied
*** Error code 126

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.



Not that this is that big of a deal. I'll kludge together a script that does a
remount dance with /tmp. I'm just wondering how smart it is to run stuff from
/tmp is all.


Best Regards,

7
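
The failure above comes from copying tools into a staging directory under /tmp and then running them from there. As an added example (not part of the original post and not FreeBSD's own code), this pre-flight check reports whether the filesystem holding a staging path is mounted noexec, so the problem shows up before the install starts rather than as Error 126 partway through. The function names, the sample mount table and the FreeBSD-style `mount` output format are assumptions.

```shell
#!/bin/sh
# Assumption: FreeBSD-style mount(8) output, "<dev> on <mountpoint> (<opt>, <opt>, ...)".
# Constructed sample, not taken from a real host.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, soft-updates)
/dev/ad0s1d on /var (ufs, local, soft-updates)'

# mount_line_for MOUNTS PATH (hypothetical helper)
# Print the mount line whose mount point is the longest prefix of PATH.
mount_line_for() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "on" {
            mp  = $3
            pre = (mp == "/") ? "/" : mp "/"
            # Compare with a trailing slash so /tmpfoo does not match /tmp.
            if (index(p "/", pre) == 1 && length(mp) > length(best)) {
                best = mp
                line = $0
            }
        }
        END { if (line != "") print line }'
}

# path_is_noexec MOUNTS PATH (hypothetical helper)
# Return 0 if the filesystem holding PATH carries the noexec option.
path_is_noexec() {
    line=$(mount_line_for "$1" "$2")
    # Keep only the option list between the final pair of parentheses.
    opts=$(printf '%s\n' "$line" | sed -n 's/.*(\(.*\))$/\1/p')
    case ", $opts," in
        *", noexec,"*) return 0 ;;
        *)             return 1 ;;
    esac
}

# Demo against the constructed sample; on a live host pass "$(mount)" instead.
staging=/tmp/install.57568
if path_is_noexec "$SAMPLE_MOUNTS" "$staging"; then
    echo "$staging is on a noexec filesystem; binaries copied there will not run"
else
    echo "$staging allows exec"
fi
```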


More information about the freebsd-stable mailing list