3 Replies. Latest reply: May 2, 2013 5:22 AM by Catch-22

    noexec option in fstab problem

    Grjozs
      Hello!

      In order to prevent potentially providing storage space for malicious executables, I added the noexec option to the /tmp directory in the file /etc/fstab.
      The problem is that it now prevents me from installing stuff myself. For example, when I try to execute a .bin, it is extracted into /tmp, and when the contained installation file is executed, I get a Permission denied error.
      Does anyone have a suggestion for how to keep my system safe without stumbling on such a problem? Can I change the extraction point of the current .bin or something like that, or should I just remove the option from fstab?

      Thanks,
      Pavels
        • 1. Re: noexec option in fstab problem
          Tommyreynolds-Oracle
          Does anyone have a suggestion for how to keep my system safe without stumbling on such a problem? Can I change the extraction point of the current .bin or something like that, or should I just remove the option from fstab?
          I think you are being a bit too paranoid here; remove "noexec" from the fstab.

          However, if you want to keep it, most programs use the shell environment variables ${TMP} or ${TMPDIR} to determine where temporary files should go.
          $ TMP=${HOME}/tmp app args...
          should let you place the temporary files where you like.
          • 2. Re: noexec option in fstab problem
            Grjozs
            TommyReynolds wrote:
            I think you are being a bit too paranoid here; remove "noexec" from the fstab.
            Maybe ;] Our organisation has started to bring the NSA RHEL Guide V.4.2 to life, and there is a point about /tmp.
            • 3. Re: noexec option in fstab problem
              Catch-22
              The noexec mount option will prevent the execution of a program from the named mount point. Mounting /tmp with the noexec option is not a bad idea from a security standpoint, but it is not standard and hence incompatible with software that stores any programs in /tmp. There are only 2 options: don't use noexec when mounting /tmp, or don't use any software that stores executable files in /tmp. There is no way to tell whether any attempt to use /tmp to store executable code is legitimate or not.
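
Added example, not part of any post in this thread: a POSIX shell wrapper that applies the ${TMP}/${TMPDIR} redirection from reply 1 only when the temp directory is mounted noexec, as described in reply 3. The function names, the MOUNTS_FILE override and the ~/.install-tmp.* directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; all names here are hypothetical, not from the thread.

# Print the mount options of the filesystem holding path $1, read from a
# table in /proc/mounts format ($2). The longest matching mount point wins,
# and a later entry for the same mount point overrides an earlier one.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # Match the root, the mount point itself, or a path below it.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best + 0) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }' "${2:-/proc/mounts}"
}

# Exit status 0 if the filesystem holding $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Run a command unchanged if the temp directory allows execution. Otherwise
# point TMPDIR and TMP at a private directory under $HOME for this one
# command only, and remove the directory afterwards. /tmp stays noexec.
# MOUNTS_FILE (assumption) overrides the mounts table, e.g. for testing.
run_with_exec_tmp() {
    sys_tmp="${TMPDIR:-/tmp}"
    if ! is_noexec "$sys_tmp" "$MOUNTS_FILE"; then
        "$@"; return $?
    fi
    # mktemp -d creates the directory with mode 0700 (owner only).
    priv=$(mktemp -d "$HOME/.install-tmp.XXXXXX") || return 1
    if is_noexec "$priv" "$MOUNTS_FILE"; then
        echo "refusing: $priv is on a noexec filesystem too" >&2
        rmdir "$priv"; return 1
    fi
    TMPDIR="$priv" TMP="$priv" "$@"
    rc=$?
    rm -rf -- "$priv"
    return "$rc"
}

# Usage: sh this-script.sh ./installer.bin
if [ "$#" -gt 0 ]; then run_with_exec_tmp "$@"; fi
```

Installers that hard-code /tmp instead of honouring TMPDIR or TMP are not helped by this; for those, the two options in reply 3 remain.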