ComputerSecurityStudent (CSS) [Login] [Join Now]

|UNIX >> Fedora >> Current Page |Views: 14556

(Fedora: Lesson 8)

{ Making /tmp non-executable }

Section 0. Background Information
  • What is /etc/fstab
    • The fstab is a configuration file that contains information of all the partitions and storage devices in your computer.
    • The file is located under /etc, so the full path to this file is /etc/fstab. /etc/fstab contains information of where your partitions and storage devices should be mounted and how.
    • The fstab is just a plain text file, so you can open and edit it with any text editor you're familiar with. However, note that you must have the root privileges before editing fstab. So, in order to edit the file, you must either log in as root or use the su command to become root.

  • Making /tmp non-executable
    • Many simple exploits that are used against Linux machines, (via vulnerable PHP applications or local users, etc), rely upon being able to execute commands in /tmp.
    • If this is a separate partition or file system you can gain some protection by marking it non-executable.

  • Pre-Requisite Lab
    1. Fedora: Lesson 1: Installing Fedora 14

  • Lab Notes
    • In this lab we will do the following:
      1. Configure /etc/fstab to prohibit /tmp executables from running.

  • Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • 2016 No content replication of any kind is allowed without express written permission.


Section 1: Edit the Fedora14 Virtual Machine
  1. Open VMware Player on your windows machine.
    • Instructions:
      1. Click the Start Button
      2. Type "vmware player" in the search box
      3. Click on VMware Player


  2. Edit Fedora 14 Virtual Machine Settings
    • Instructions:
      1. Highlight Fedora14
      2. Click Edit virtual machine settings


  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button


Section 2: Play the Fedora14 Virtual Machine
  1. Start the Fedora14 VM
    • Instructions:
      1. Click on the Fedora14 VM
      2. Click on Play virtual machine


Section 3: Login to your Fedora14 server:
  1. Login As student
    • Instructions:
      1. Click on student
      2. Provide student password
      3. Click the Login Button


  2. Start Up A Terminal.
    • Instructions:
      1. Applications --> System Tools --> Terminal


  3. Switch User to root
    • Instruction:
      1. su - root
      2. Supply the Root Password


  4. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is
      • Please record your IP address.


Section 4: Creating a basic executable shell script
  1. Navigate to the /tmp directory
    • Instructions:
      1. cd /tmp


  2. Create an executable shell script
    • Instructions:
      1. vi


  3. Enter into INSERT Mode
    • Instructions:
      1. Press the (i) key
      2. Notice in the lower left corner that you are now in INSERT mode.


  4. Insert Script
    • Notes(FYI):
      • Below are the lines of shell code that you will input into the terminal window.
    • Instructions:
      1. #!/bin/bash
      2. Press <Enter> two times
      3. echo "Hello World"
    • Notes(FYI):
      • Line #1, The shebang (#!) syntax is used in scripts to indicate to the Linux/Unix operating system that an interpreter is needed to interpret and execute the particular file.  In this case, we are telling the Linux operating system, that the bash shell will be required to interpret this file.
      • Line #2, You only need to press <Enter> once, but the instructions say twice for cosmetic appearance.
      • Line #3, (echo) is used to print the string (Hello World) to the screen, which is known as standard output.


  5. Exit INSERT Mode
    • Instructions:
      1. Press the <Esc> Key
      2. Notice that you are no longer in INSERT mode


  6. Save the Bash Script
    • Instructions:
      1. Type :wq! to save and quit the file
      2. Press the <Enter> key


  7.  Set Permissions and Execute Script
    • Instructions:
      1. ls -l
      2. ./
      3. chmod 777
      4. ls -l
      5. ./
    • Note(FYI):
      • Command #1, Use (ls -l) to list the file permissions and ownerships of the file (  The permissions are as follows:  Owner can read and write, the Group can only read, and Other (aka World) can only read.  Notice, none of the execute bits are set.
      • Command #2, Use (./) to try to execute the script.  Notice it did not execute and you received a warning Permission denied.  This is because none of the execute bits are set -or- turned on.  Consequently, this is a brief lesson on setting execute permissions, and obviously you can place bash in front of to execute it without the permissions being set.
        • E.g., bash
      • Command #3, Use (chmod) to set give all permissions to Owner, Group and Other.  Accordingly, this is very unsafe, which means that anybody can not only execute this script, but can edit it to do harmful things.  (Below is only meant to show a basic example of things you don't want placed in a script that could potentially be executed by a user.  Accordingly the effective UID is not set).
        • for DISK in `fdisk -l | grep "^Disk /dev" | awk '{print $2}' | sed 's/://g'`
        • do echo "Zero Out Disk: $DISK"
        • echo "dd if=/dev/zero of=$DISK"
        • done
      • Command #4-5, Use (./) to execute the file (  Accordingly, the script wrote Hello World to the screens standard output. The scary part is that all users in most Linux/Unix environments have access to /tmp.


Section 5: Editing the /etc/fstab
  1. Make fstab Backup
    • Instructions:
      1. cd /etc
      2. cp fstab fstab.BKP
      3. vi fstab
    • Note(FYI):
      • Command #1, Use (cd) to change directory into the (/etc) directory.
      • Command #2, Use (cp) to make a backup copy (fstab.BKP) of the (fstab) file.
      • Command #3, Use (vi) to open the (fstab) file.  The (fstab) contains information about the various file systems of the particular server.  Among other things, the operating system uses the (fstab) to mount the file systems during boot and in other situations.


  2. Open the /etc/fstab
    • Instructions:
      1. vi fstab


  3. Enter INSERT Mode
    • Instructions:
      1. Arrow down to the line that contains the /tmp mount point.
      2. Arrow right over to where your cursor directly on the "d" in the word defaults, and press the <i> key.
      3. Notice that you are not in INSERT Mode.


  4. Removing execute permission from the /tmp mount point.
    • Instructions:
      1. Type noexec, in front of the word defaults
      2. Press the <Esc> key to get out of vi's INSERT mode
      3. Notice that the word INSERT is not longer visible in the lower left corner of the screen.


  5. Save The File
    • Instructions:
      1. Type :wq! to save and quit
      2. Press the <Enter> Key


Section 6: Remount /tmp
  1. Remounting the /tmp directory
    • Instructions:
      1. cd /
      2. mount -o remount /tmp
      3. mount | grep "/tmp"
    • Note(FYI):
      • Command #1, Use (cd) to navigate to the root (/) file system.  Our of habit, it is always a good idea to change directory into the root (/) file system before issuing before remounting a mount point.
      • Command #2, Use (mount) to only (-o remount) the (/tmp) mount point.
      • Command #3, Use (mount) to display all the mount points.  Use (grep) to only display lines that contain (/tmp).  Notice that (/tmp) now has  (noexec) set.


Section 7: Proof of Lab
  1. See if you can execute the script
    • Instructions:
      1. cd /tmp
      2. ./
      3. date
      4. echo "Your Name"
    • Note(FYI):
      • Command #1, Use (cd) to navigate to the (/tmp) directory.
      • Command #2, Attempt to execute the ( script.  Notice that the permission was denied, which is the desired result.
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth