Hi there!

/dev/shm is volatile memory, which does not survive a reboot; hence it is
a preferred location for some hackers to place their evil code there and get
rid of evidence when an admin reboots the machine from secure media
(e.g. a knoppix-cd) to perform further analysis.

My suggestion to prevent such attacks is to change the mount permissions
of /dev/shm by default. I can't imagine any reason why anyone should place
a temporary executable there and start from there, except when doing
something evil.

So, please consider changing the defaults in /etc/fstab to

none /dev/shm tmpfs noexec,rw 0 0
Greetings,
Alex Puchmayr
--
gentoo-security@gentoo.org mailing list
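
An added example, not part of the original message: a small audit check for the setting proposed above, reading any table in fstab field order (/etc/fstab or /proc/mounts) and reporting whether a mount point carries noexec. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.

# has_mount_opt TABLE MOUNTPOINT OPTION
# TABLE is any file in fstab field order (/etc/fstab, /proc/mounts).
# Exit status: 0 = option set, 1 = entry lacks it, 2 = no entry for MOUNTPOINT.
has_mount_opt() {
    awk -v mp="$2" -v want="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $2 == mp {                           # field 2 is the mount point
            found = 1; present = 0           # a later entry overrides an earlier one
            n = split($4, opts, ",")         # field 4 is the option list
            for (i = 1; i <= n; i++)
                if (opts[i] == want) present = 1   # whole-token match only
        }
        END { if (!found) exit 2; exit (present ? 0 : 1) }
    ' "$1"
}

# Constructed sample table: the line proposed in the message, plus a /tmp
# entry without noexec for contrast.
sample_table() {
    cat <<'EOF'
# <fs>  <mountpoint>  <type>  <opts>           <dump/pass>
none    /dev/shm      tmpfs   noexec,rw        0 0
none    /tmp          tmpfs   rw,nosuid,nodev  0 0
EOF
}

# report TABLE MOUNTPOINT: print a one-line verdict for the noexec option.
report() {
    rc=0
    has_mount_opt "$1" "$2" noexec 2>/dev/null || rc=$?
    case $rc in
        0) echo "$2: noexec set" ;;
        1) echo "$2: mounted WITHOUT noexec" ;;
        *) echo "$2: no entry in $1" ;;
    esac
    return 0
}

report /proc/mounts /dev/shm   # effective options on the running system
```

/etc/fstab only describes what the next mount will use, so checking /proc/mounts as well shows whether the option is in effect now.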