/tmp should be mounted with nodev, nosuid, and noexec
Bug #1040179 reported by
Fred
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
debian-installer (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
The default configuration is insecure because /tmp/ and /var/tmp/ is world-writable and can have files executed.
Temporary storage directories such as /tmp and /dev/shm potentially provide storage space for malicious exe-
cutables. Although mount options options cannot prevent interpreted code stored there from getting executed
by a program in another partition, using certain mount options can be disruptive to malicious code.
CCE 14412-1, 14940-1, 14927-8
visibility: | private → public |
To post a comment you must log in.