/tmp should be mounted noexec,nosuid
Bug #304959 reported by Craig
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
debian-installer (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Many vulnerabilities involve the attacker somehow getting a file into /tmp then executing it. A way to mitigate the risk of such an attack is to mount /tmp noexec,nosuid. This security is especially important on web servers.
Since Ubuntu doesn't have a dedicated mount of /tmp, the following commands can be used:
# mount -o bind /tmp /tmp
# mount -o remount,bind,nosuid /tmp /tmp
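
A way to check which of the options named in this report are actually in effect on /tmp, as an added example that is not part of the original report or its comments. The function name `missing_mount_opts` and its exit-status convention are assumptions made here; the input is a mounts table in the /proc/mounts format.

```shell
#!/bin/sh
# Added example: report which hardening options are absent from the mount
# entry for a directory. Input is a mounts table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# missing_mount_opts [MOUNTS_FILE] [MOUNTPOINT] [REQUIRED_CSV]
# Prints the missing options (comma-separated) on stdout.
# Exit status: 0 = all present, 1 = some missing, 2 = no dedicated mount.
missing_mount_opts() {
    mounts_file=${1:-/proc/mounts}
    target=${2:-/tmp}
    required=${3:-noexec,nosuid}

    # Later lines shadow earlier ones (for example a bind mount stacked on
    # /tmp), so keep the options of the last matching entry.
    opts=$(awk -v t="$target" '$2 == t { o = $4 } END { print o }' "$mounts_file")
    [ -n "$opts" ] || return 2

    missing=
    old_ifs=$IFS
    IFS=,
    for want in $required; do
        # Wrap in commas so "suid" cannot match inside "nosuid".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing=${missing:+$missing,}$want ;;
        esac
    done
    IFS=$old_ifs

    printf '%s\n' "$missing"
    [ -z "$missing" ]
}
```

Calling `missing_mount_opts /proc/mounts /tmp` on a live system prints nothing and returns 0 only when both options are set; status 2 means /tmp is not a mount point of its own.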