3 Replies Latest reply: May 2, 2013 3:22 AM by Dude!

noexec option in fstab problem

Grez Newbie
Hello!

In order to prevent potentially providing storage space for malicious executables, I added the noexec option to the /tmp directory in the file /etc/fstab.
The problem is that now it prevents me from installing stuff myself. For example, when trying to execute a .bin, it's extracted into /tmp, and when the contained installation file is being executed, I get a Permission denied error.
Does anyone have a suggestion for how to keep my system safe and not stumble on such a problem? Can I change the extraction point of the current .bin or something like that, or should I just remove the option from fstab?

Thanks,
Pavels
  • 1. Re: noexec option in fstab problem
    TommyReynolds Expert
    Grez wrote:
    Does anyone have a suggestion how to keep my system safe and not to stumble on such problem? Can I change the extraction point of current .bin or something like that, or should I just remove the option from fstab?
    I think you are being a bit too paranoid here; remove "noexec" from the fstab.

    However, if you want to keep it, most programs use the shell environment variables ${TMP} or ${TMPDIR} to determine where temporary files should go.
    $ TMP=${HOME}/tmp app args...
    should let you place the temporary files where you like.
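The per-command approach from the reply above, as an added example that is not part of the thread: check whether /tmp is really mounted noexec, and if so run the installer with TMP and TMPDIR pointed at a private directory that is removed afterwards. The names has_noexec, run_with_exec_tmp and EXEC_TMP_BASE are hypothetical, and the example assumes the installer honours TMP/TMPDIR and that $HOME is on a filesystem mounted without noexec.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,nodev,relatime 0 0'

# has_noexec MOUNTPOINT  (mount table on stdin, /proc/mounts format)
# Exit 0 if the last entry for MOUNTPOINT carries the noexec option.
has_noexec() {
    awk -v mp="$1" '
        $2 == mp { opts = $4 }          # later mounts shadow earlier ones
        END { if (("," opts ",") ~ /,noexec,/) exit 0; exit 1 }'
}

# run_with_exec_tmp COMMAND [ARGS...]
# Run COMMAND with TMP and TMPDIR set to a private scratch directory so
# /tmp itself can stay noexec. Returns COMMAND's exit status.
run_with_exec_tmp() {
    # EXEC_TMP_BASE is a hypothetical override; it must not be noexec.
    base="${EXEC_TMP_BASE:-$HOME}"
    # mktemp -d creates the directory with mode 0700 and a random name.
    dir=$(mktemp -d "$base/.insttmp.XXXXXX") || return 1
    rc=0
    TMP="$dir" TMPDIR="$dir" "$@" || rc=$?
    rm -rf -- "$dir"                    # leave nothing executable behind
    return "$rc"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | has_noexec /tmp &&
    echo "sample table: /tmp is mounted noexec"

# Used as a wrapper: ./script ./installer.bin args...
if [ "$#" -gt 0 ]; then
    if has_noexec /tmp < /proc/mounts; then
        run_with_exec_tmp "$@"
    else
        "$@"
    fi
fi
```

An installer that hard-codes /tmp instead of reading TMP or TMPDIR will still fail with Permission denied under this wrapper.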
  • 2. Re: noexec option in fstab problem
    Grez Newbie
    TommyReynolds wrote:
    I think you are being a bit too paranoid here; remove "noexec" from the fstab.
    Maybe ;] Our organisation has started to bring the NSA RHEL Guide V.4.2 to life, and there is a point about /tmp.
  • 3. Re: noexec option in fstab problem
    Dude! Guru
    The noexec mount option will prevent the execution of a program from the named mount point. To mount /tmp with the noexec option is not a bad idea from a security standpoint, but it is not standard and hence incompatible with software that is storing any programs in /tmp. There are only 2 options: don't use noexec when mounting /tmp, or don't use any software that stores executable files in /tmp. There is no way to tell whether any attempt to use /tmp to store executable code is legitimate or not.
