Noexec and /tmp Troubleshooting


  • Applies to: DV Developer
  • Difficulty: Medium
  • Time Needed: 20 minutes
  • Tools Required: SSH Access

READ ME FIRST

Please keep in mind that the DV Developer is a self-managed hosting solution. This article is provided as a courtesy, and the material covered is outside the scope of support provided by (mt) Media Temple. Please take a moment to review our Statement of Support.

Introduction

Many simple exploits used against servers rely on being able to write a payload into /tmp and then execute it from there (for example, through a vulnerable PHP application or a local user account).

For several years, the DV Developer was provisioned with /tmp mounted "noexec" to help block such attacks. As of April 5th, 2013, that is no longer the case: any DV Developer rebooted after that date, and any DV Developer provisioned after that date, has /tmp mounted without the "noexec" restriction.

That being said, if you would like to learn more about noexec and how to work around it when you need to build or run something from /tmp, please see the "DV 4.0" section below.

DV 4.0

Introduction

Many simple exploits used against servers rely on being able to execute commands in /tmp (for example, via vulnerable PHP applications, local users, etc.). As a security precaution, the DV 4.0's /tmp is mounted with noexec: a file written there cannot be executed, even if it is marked executable. This is a good thing and should generally stay this way. There are some circumstances, such as compiling a PECL extension whose build runs out of a temporary directory, where you need a /tmp that allows execution.

Instructions

Rather than remounting /tmp itself, we will create a "chroot" environment that has its own /tmp directory where files can be executed. The real /tmp is left noexec and untouched, so no process currently using it is interrupted in any way. The exec-capable /tmp is only seen as /tmp by processes you start inside the chroot; everything already running outside it (Apache, PHP, cron, etc.) continues to see the noexec /tmp, which limits your exposure to possible exploits to the commands you run by hand.

  1. Create a "chroot" environment that contains a "/tmp" directory that allows for file execution:
    # mkdir -p /root/chroot /root/tmp
    # mount --bind / /root/chroot
    # mount --bind /root/tmp /root/chroot/tmp
    
    The first bind mount makes the root filesystem visible again under /root/chroot; the second places /root/tmp over the chroot's /tmp. Because /root/tmp lives on the root filesystem, which is mounted exec, the chroot's /tmp allows execution (a bind mount inherits the options of its source, not of whatever it covers). Note that "mount --bind" is not recursive: filesystems mounted below / (such as /proc) are not visible inside the chroot, which is fine for most builds.
    
  2. "chroot" into the environment you created:
    # chroot /root/chroot
    
  3. At this point, you are in the "chroot" environment and can run any commands you need to.

    NOTE: If you are performing a PECL install, please return to step four (4) in the "Installing PECL extensions" KB article!

  4. When you are done, leave the chroot and detach the bind mounts:
    # exit
    exit
    # umount -l /root/chroot
    
    (The second "exit" is printed by the chroot shell as it closes. The lazy umount of /root/chroot also detaches the /root/chroot/tmp bind mount beneath it.)
    
    IMPORTANT: Execute "df -h" to confirm the directory has been unmounted. There should not be a "/root/chroot" listing in the output! DO NOT execute the following command until the "umount" command has been executed and you have confirmed that "/root/chroot" does not show up in "df -h". While /root/chroot is still bind-mounted to /, an "rm -fr /root/chroot" follows the bind mount and deletes your real root filesystem.
    
    # rm -fr /root/chroot /root/tmp/
    
  5. Now you are back in your normal environment.

NOTE: If you are performing a PECL install, please return to step seven (7) in the "Installing PECL extensions" KB article!
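The procedure above as one script, with the "is anything still mounted under /root/chroot?" check from step 4 made explicit. This is an added example, not code from the (mt) Media Temple article. The helper functions (mount_opts, is_mounted, is_noexec, safe_to_remove) and the RUN_CHROOT_SETUP variable are this example's own names; the helpers take a mounts table as text (the format of /proc/mounts) so they can be exercised against the constructed sample below without root, and the real mount/umount steps only run as root when RUN_CHROOT_SETUP=1 is set.

```shell
#!/bin/sh
# Added example: exec-capable /tmp inside a bind-mounted chroot, with the
# teardown safety check the article's step 4 asks for. Not part of the KB.
# Helpers operate on a mounts table passed as text (/proc/mounts format:
# device mountpoint fstype options dump pass) so they can be tested offline.

CHROOT=/root/chroot
EXECTMP=/root/tmp

# Print the mount options of mount point $2 in table $1 (empty if not mounted).
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# Succeed if $2 appears as a mount point in table $1.
is_mounted() {
    [ -n "$(printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print "y"; exit }')" ]
}

# Succeed if mount point $2 carries the noexec option in table $1.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeed only if nothing is mounted at or below $2 in table $1.
# rm -fr on a still-bound /root/chroot would follow the bind into the real /.
safe_to_remove() {
    printf '%s\n' "$1" | awk -v pfx="$2" \
        '$2 == pfx || index($2, pfx "/") == 1 { found = 1 }
         END { exit found ? 1 : 0 }'
}

# Steps 1 and 2 of the article (requires root). --bind is not recursive,
# so /proc and other mounts below / are not visible inside the chroot.
setup_exec_tmp() {
    mkdir -p "$CHROOT" "$EXECTMP"
    mount --bind / "$CHROOT"
    mount --bind "$EXECTMP" "$CHROOT/tmp"
}

# Step 4 of the article: lazy-detach the chroot subtree, then verify against
# the live /proc/mounts before removing anything.
teardown_exec_tmp() {
    umount -l "$CHROOT"
    if safe_to_remove "$(cat /proc/mounts)" "$CHROOT"; then
        rm -fr "$CHROOT" "$EXECTMP"
    else
        echo "refusing rm: something is still mounted under $CHROOT" >&2
        return 1
    fi
}

# Constructed sample of /proc/mounts while the chroot is active (not captured
# from a real server). A bind mount shows its source filesystem's options, so
# /root/chroot/tmp is rw (from /) rather than noexec (from /tmp).
SAMPLE_ACTIVE='/dev/simfs / ext3 rw 0 0
/dev/simfs /tmp ext3 rw,noexec,nosuid,nodev 0 0
proc /proc proc rw 0 0
/dev/simfs /root/chroot ext3 rw 0 0
/dev/simfs /root/chroot/tmp ext3 rw 0 0'

# Constructed sample after "umount -l /root/chroot" has detached the subtree.
SAMPLE_AFTER='/dev/simfs / ext3 rw 0 0
/dev/simfs /tmp ext3 rw,noexec,nosuid,nodev 0 0
proc /proc proc rw 0 0'

if [ "$(id -u)" -eq 0 ] && [ "${RUN_CHROOT_SETUP:-0}" = 1 ]; then
    setup_exec_tmp
    echo "chroot ready: run 'chroot $CHROOT', then teardown_exec_tmp when done"
else
    yn() { "$@" && echo yes || echo no; }
    echo "/tmp noexec?              $(yn is_noexec "$SAMPLE_ACTIVE" /tmp)"
    echo "/root/chroot/tmp noexec?  $(yn is_noexec "$SAMPLE_ACTIVE" /root/chroot/tmp)"
    echo "safe to rm while active?  $(yn safe_to_remove "$SAMPLE_ACTIVE" /root/chroot)"
    echo "safe to rm after umount?  $(yn safe_to_remove "$SAMPLE_AFTER" /root/chroot)"
fi
```

Run without arguments as a normal user to see the checks evaluated against the constructed samples; on a DV 4.0 as root, `RUN_CHROOT_SETUP=1 sh script.sh` performs steps 1 and 2, and `teardown_exec_tmp` refuses to remove /root/chroot unless the live /proc/mounts shows nothing mounted beneath it.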