How to Prevent Binary Execution From Mounted Device

Most probable reasons of leaving a post-compiled trojan programs after successfully exploiting a system is brought about by small percentage of having increased security by root not to enable user from compiling a program source, or run executable scripts and binary programs from particular device.

How to mount your device to further prevent script execution from it or program compilation from that mounted device?

Here’s a quick tip on preventing any users from doing binary and shell scripts execution from particular mounted device such as /tmp or /dev/shm directory folder.

How to mount device with noexec preventing program execution?

Simply remount your device as non-suidable and non-executable system device

# mount -o remount, noexec, nosuid /tmp

Yes, remounting them individually can also be done

# mount -o remount, noexec /tmp
# mount -o remount, noexec /tmp

Now, to do some testing, copy an existing executable script and placed in under /tmp folder like so

# cp /root/scripts/test.pl /tmp
# cp /root/scripts/test.sh /tmp

and try to execute those copied scripts like so
# cd /tmp
# ./test.pl
bash: ./test.pl: Permission denied
# ./test.sh
bash: ./test.sh: Permission denied

You can also copy a linux binary file into /tmp and try to execute them.

# cp /usr/bin/who /tmp
# /tmp/who
bash: /tmp/who: Permission denied

Program execution should fail since the device is mounted with noexec and nosuid. However, some linux OS requires the said mounted /tmp device to be listed from /etc/fstab with valid file system type before it can be remounted back again.

To remount all your device back to its default boot up settings based on /etc/fstab, simply

# mount -a

To make the device noexec and nosuid remounts permanently between reboots, simply add it to your existing /tmp mounting flags from /etc/fstab similarly like so. 

/dev/sda5       /tmp              ext3  noexec,nosuid          0       0

Be noted that remounting a device with noexec and nosuid flag would not totally prevent someone from exploiting or abusing your system.

, , , , , , , , , , , , , , , , , , , ,

Tech Guru



Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Categories

Recent Posts