/tmp should be mounted noexec,nosuid

Bug #304959 reported by Craig
This bug affects 1 person

Affects: debian-installer (Ubuntu) | Status: Invalid | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

Many vulnerabilities involve the attacker somehow getting a file into /tmp then executing it. A way to mitigate the risk of such an attack is to mount /tmp noexec,nosuid. This security is especially important on web servers.

Revision history for this message
Craig (candrews-integralblue) wrote :

Since Ubuntu doesn't have a dedicated mount of /tmp, the following commands can be used:

# mount -o bind /tmp /tmp
# mount -o remount,bind,nosuid /tmp /tmp

Revision history for this message
David A. Harding (dmaharding) wrote :

Thanks for your suggestion. As you noted, Ubuntu doesn't create a partition for /tmp, and unfortunately binding and remounting the tmp directory doesn't prevent users from executing files.

$ sudo mount -o bind /tmp /tmp
$ sudo mount -o remount,bind,nosuid /tmp /tmp
$ echo '#!/bin/echo' > foo
$ chmod +x foo
$ ./foo
./foo

The mount manual page explains this:

"Note that the filesystem mount options will remain the same as those on the original mount point, and cannot be changed by passing the -o option along with --bind/--rbind."

I'm marking this bug as invalid because it's not something we can currently implement.

Thank You,

-Dave

Revision history for this message
Richard Laager (rlaager) wrote :

The "nosuid" part of this is fixed, as of 12.04 Precise, if not sooner. I've tried noexec, but package installations fail. No, I don't remember which ones.

Revision history for this message
Fred (eldmannen+launchpad) wrote :

This also applies to /var/tmp/ and to /dev/shm/

Temporary storage directories such as /tmp and /dev/shm potentially provide storage space for malicious executables. Although mount options cannot prevent interpreted code stored there from getting executed by a program in another partition, using certain mount options can be disruptive to malicious code.

CCE 14412-1, 14940-1, 14927-8

http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
Section 2.2.1.3

affects: ubuntu → debian-installer (Ubuntu)
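The thread above turns on whether a given mount actually carries noexec, nosuid and nodev, which is easy to misjudge by eye because a bind mount followed by a remount leaves two entries for the same path in /proc/mounts and only the last one is in effect. The following audit script is an added example written for this page; it is not code from the bug report or from Ubuntu. It reads a file in /proc/mounts format (so it can be run against a saved copy offline, or against /proc/mounts itself), checks /tmp, /var/tmp and /dev/shm, reports which of the three options each is missing, and flags a directory that has no mount of its own, since such a directory simply inherits the options of the parent filesystem. The sample mount tables in the usage note are constructed for illustration.

```shell
#!/bin/sh
# check_tmp_mounts: audit the mount options of temporary directories.
# Argument: a file in /proc/mounts format (fields: source target fstype options freq pass).
# Prints one line per directory and returns 1 if any directory is unmounted
# or lacks one of noexec, nosuid, nodev; returns 0 when all three are hardened.
check_tmp_mounts() {
    mounts_file="$1"
    rc=0
    for dir in /tmp /var/tmp /dev/shm; do
        # Keep the LAST line whose target is $dir: when a path is mounted over
        # (e.g. bind mount + remount), later entries shadow earlier ones.
        line=$(awk -v d="$dir" '$2 == d { l = $0 } END { print l }' "$mounts_file")
        if [ -z "$line" ]; then
            echo "$dir: not a separate mount (inherits the parent filesystem's options)"
            rc=1
            continue
        fi
        opts=$(echo "$line" | awk '{ print $4 }')
        missing=""
        for want in noexec nosuid nodev; do
            # Surround with commas so "nodev" does not match inside another option name.
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="$missing $want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$dir: missing$missing"
            rc=1
        else
            echo "$dir: ok ($opts)"
        fi
    done
    return $rc
}

# Usage: sh check_tmp_mounts.sh /proc/mounts
# (or pass a saved copy of /proc/mounts from another host)
if [ $# -gt 0 ]; then
    check_tmp_mounts "$1"
fi
```

Run against a live system with `sh check_tmp_mounts.sh /proc/mounts`; a non-zero exit is suitable for a configuration-management check. Fixing a finding is an fstab matter, for example `tmpfs /tmp tmpfs defaults,noexec,nosuid,nodev 0 0`, with the caveat from the thread that some package installations run scripts out of /tmp and can fail under noexec, and the caveat from the quoted NSA guide that noexec does not stop an interpreter on another filesystem from running a script stored there.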