Under Linux, /tmp is normally used by programs and scripts to store temporary data at run time.
That is fine in general … but allowing every user, program and script to do exactly that, in a
directory that is world-writable and where files can also be executed, can help an attacker exploit your system.
Today's servers are expected to provide a lot of features, so instead of one dedicated server
per task we typically have one server running a lot of services,
each of which can have serious security vulnerabilities.
So we have two problems inside the tmp directory: the setuid bit and the executable bit.
A world-writable directory from which anything can be executed is the obvious place for someone who has found a hole in one of those services to drop and run a payload.
Okay, what can we do to avoid this while still allowing all other functionality?
My suggestion is to create an image file and mount it as a loop device, so that you can mount it
with the options loop (of course), noexec and nosuid.
Here we go. You can vary the count (the image size) to your system's needs;
something between 250 and 512MB should fit default servers.
I'll take 512MB here (bs=1024 with count=512000 gives roughly 500MiB).
Note that /dev/tmpfs is simply a regular file used as the image, not a tmpfs filesystem. On systems where /dev is itself a RAM-backed devtmpfs such a file would not survive a reboot, so there you would put the image on a persistent filesystem instead.

dd if=/dev/zero of=/dev/tmpfs bs=1024 count=512000
/sbin/mkfs.ext3 -F /dev/tmpfs

(mkfs.ext3 asks for confirmation when its target is not a block device; -F skips that prompt.)
Okay, now the question: can you restart the machine? If yes, no problem,
add the following entry to /etc/fstab and reboot.

/dev/tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0

(Nobody needs device nodes in /tmp either, so nodev is a sensible third option to add if your setup allows it.)
What you could do before you mount or restart (just in case) is copy the old data from the
old /tmp to the new /tmp. Ideally stop the services that use /tmp first, so that nothing is writing there while you copy.
So make a backup of /tmp:

cp -Rpf /tmp /tmp_backup

Mount the newly created tmp loopback image:

mount -o loop,noexec,nosuid,rw /dev/tmpfs /tmp

Afterwards we have to fix the permissions, because the root directory of a freshly created filesystem is 0755 and /tmp needs the sticky bit plus world write access:

chmod 1777 /tmp

And we copy the data from /tmp_backup back to /tmp (note the trailing /. rather than /*, so that dot files such as /tmp/.X11-unix are copied as well):

cp -Rpf /tmp_backup/. /tmp/
Voila, now you can try to execute something in /tmp … that should not work,
even when you copy a binary from /usr/bin into it, and nosuid means a setuid bit on a file there no longer has any effect.
Keep in mind what noexec covers: it stops direct execution of files on that mount, but a script can still be run by handing it to its interpreter (sh /tmp/script.sh), so this raises the bar for drop-and-run attacks rather than making /tmp inert.
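The whole procedure as one script, as an added example that is not part of the original post: it carries out the steps above when run as root with --apply, checks the live mount options of /tmp against the post's requirements with --check, and probes whether execution from /tmp is really refused. The image path and size follow the post (/dev/tmpfs, roughly 512MB); the function names, the --apply/--check switches and the IMG/SIZE_KB variables are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit and, as root with --apply,
# build the noexec/nosuid loop-mounted /tmp described in the post.
# Assumed names: IMG, SIZE_KB, REQUIRED_OPTS and all helper functions are this example's own.

IMG="${IMG:-/dev/tmpfs}"          # regular file used as the loop image (path from the post)
SIZE_KB="${SIZE_KB:-512000}"      # dd count with bs=1024, as in the post (~500MiB)
REQUIRED_OPTS="noexec nosuid"     # mount options the post asks for

# has_opt OPTS NAME: succeed if the comma-separated mount option list OPTS contains NAME
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_opts OPTS: print (space-separated) which REQUIRED_OPTS are absent from OPTS
missing_opts() {
    _m=""
    for _o in $REQUIRED_OPTS; do
        has_opt "$1" "$_o" || _m="$_m${_m:+ }$_o"
    done
    printf '%s\n' "$_m"
}

# tmp_is_hardened OPTS: succeed only when no required option is missing
tmp_is_hardened() {
    [ -z "$(missing_opts "$1")" ]
}

# current_tmp_opts: options of whatever is mounted on /tmp now (4th field of /proc/mounts);
# prints nothing when /tmp is not a separate mount
current_tmp_opts() {
    awk '$2 == "/tmp" { o = $4 } END { print o }' /proc/mounts 2>/dev/null
}

# fstab_line IMG: the /etc/fstab entry from the post for a given image path
fstab_line() {
    printf '%s /tmp ext3 loop,nosuid,noexec,rw 0 0\n' "$1"
}

# build_tmp_image: the post's procedure end to end (needs root and loop device support)
build_tmp_image() {
    dd if=/dev/zero of="$IMG" bs=1024 count="$SIZE_KB"
    /sbin/mkfs.ext3 -F "$IMG"          # -F: target is a regular file, skip the prompt
    cp -Rpf /tmp /tmp_backup           # keep the old contents
    mount -o loop,noexec,nosuid,rw "$IMG" /tmp
    chmod 1777 /tmp                    # fresh ext3 root is 0755; /tmp needs sticky + world write
    cp -Rpf /tmp_backup/. /tmp/        # /. so dot files (.X11-unix, ...) come along too
}

# verify_noexec: copy a binary into /tmp and confirm that executing it directly fails
verify_noexec() {
    _t="/tmp/noexec_probe.$$"
    cp /bin/true "$_t" && chmod 755 "$_t" || return 2
    if "$_t" 2>/dev/null; then
        rm -f "$_t"; echo "FAIL: $_t executed, /tmp is not noexec"; return 1
    fi
    rm -f "$_t"; echo "OK: direct execution from /tmp refused"; return 0
}

if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    build_tmp_image && verify_noexec
elif [ "${1:-}" = "--check" ]; then
    _o="$(current_tmp_opts)"
    if tmp_is_hardened "$_o"; then
        echo "OK: /tmp mounted with: $_o"
    else
        echo "WARN: /tmp missing: $(missing_opts "$_o") (current: ${_o:-not a separate mount})"
    fi
fi
```

Run it with --check on any box to see whether /tmp is already mounted noexec,nosuid; --apply does the dd/mkfs/mount/chmod/copy sequence and then drops a copy of /bin/true into /tmp to prove that execve is refused. The option matching is done on the comma-separated list with surrounding commas so that exec is never mistaken for noexec.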