From: Russell Meek
To: dick hoogendijk
Cc: freebsd-questions
Date: Mon, 07 Aug 2006 14:28:40 -0400
Subject: Re: /tmp permissions

Quoting dick hoogendijk:

> Today I read that /tmp always is "noexec".
> That should probably be on linux, because on my fbsd-6.1 box it's "rw"
> and that's it.
>
> Question: should I change /tmp to "rw,noexec" to be safer?
>
> --
> dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE
> ++ Running FreeBSD 6.1 +++ The Power to Serve

Dick,

Yes, noexec is a good thing security-wise. You could also add nosuid, depending upon what you may need /tmp for. Most "kiddie scripts" will attempt to run items out of /tmp; by adding noexec you prevent items from executing out of the applied directory.

Thanks,
- Russell
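
An added example, not part of the original message: a POSIX sh check that reads fstab(5)-format text and reports which of the options discussed above (noexec, nosuid) a mount point's entry lacks. The function name `missing_opts` and the sample entries, including the device name, are constructed for illustration.

```shell
#!/bin/sh
# missing_opts MOUNTPOINT OPT...
# Reads fstab(5)-format text on stdin and prints, space separated, the
# requested options that the entry for MOUNTPOINT does not carry.
# Prints an empty line when nothing is missing.
# Returns 2 when no active (uncommented) entry for MOUNTPOINT exists.
missing_opts() {
    mp=$1; shift
    # fstab fields: device, mount point, fstype, options, dump, pass.
    # Skip commented-out entries so a disabled line is not reported as active.
    opts=$(awk -v mp="$mp" '
        $1 !~ /^#/ && $2 == mp { print $4; found = 1; exit 0 }
        END { if (!found) exit 2 }
    ') || return 2
    missing=""
    for want in "$@"; do
        # Wrap in commas so "exec" cannot match inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample entries: the "rw"-only /tmp from the question and the
# same entry with the options suggested in the reply.
before='/dev/ad0s1e  /tmp  ufs  rw                2  2'
after='/dev/ad0s1e  /tmp  ufs  rw,noexec,nosuid  2  2'

printf '%s\n' "$before" | missing_opts /tmp noexec nosuid
printf '%s\n' "$after"  | missing_opts /tmp noexec nosuid
```

On a live system the same function can be fed the real table with `missing_opts /tmp noexec nosuid < /etc/fstab`.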