{"id":60,"date":"2020-02-25T14:13:46","date_gmt":"2020-02-25T12:13:46","guid":{"rendered":"http:\/\/rogaleskoo.ddns.net\/?p=60"},"modified":"2020-02-25T14:17:43","modified_gmt":"2020-02-25T12:17:43","slug":"jak-buster-hartowal-sie-cz-5","status":"publish","type":"post","link":"https:\/\/rogaleskoo.ddns.net\/index.php\/2020\/02\/25\/jak-buster-hartowal-sie-cz-5\/","title":{"rendered":"How Buster Was Hardened, Part 4"},"content":{"rendered":"\n<p>Time to secure \/tmp. The \/tmp directory is a &#8220;world-writable&#8221; directory used for temporary storage by all users and applications. An attacker can place an executable file in \/tmp that, for example, creates a link to a setuid program and waits for it to change. Once the change occurs, the link is broken and the attacker is left with their own copy of the program. If the program has a known vulnerability, the attacker can go on exploiting it. To prevent this, set the noexec option on the directory. When \/tmp is only part of a larger partition, setting the noexec option for it is not possible. For that reason, at the partitioning stage it is worth making \/tmp a separate partition, or mounting tmpfs on \/tmp.<\/p>\n\n\n\n<p>How to secure \/tmp:<\/p>\n\n\n\n<p>Configure \/etc\/fstab:<\/p>\n\n\n\n<p>tmpfs \/tmp tmpfs defaults,rw,nosuid,nodev,noexec,relatime 0 0<\/p>\n\n\n\n<p>With this single entry we set the filesystem on \/tmp to tmpfs and apply the nosuid, nodev and noexec options in one go.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Time to secure \/tmp. The \/tmp directory is a &#8220;world-writable&#8221; directory used for temporary storage by all users and applications. An attacker can place&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-60","post","type-post","status-publish","format-standard","hentry","category-zmagania-z-it"],"_links":{"self":[{"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/60","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=60"}],"version-history":[{"count":3,"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions"}],"predecessor-version":[{"id":63,"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions\/63"}],"wp:attachment":[{"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=60"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=60"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rogaleskoo.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=60"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}