All Questions

Tagged with
10 votes
3 answers
1k views

Prevent application from being executed by any local user except systemd

I need to run the binary that I don't fully trust. I've created a systemd unit for it where it's locked down as much as humanly possible, it works great. Now it's still on my system (Fedora) and I may ...
Artem S. Tashkinov
0 votes
1 answer
2k views

Advanced access control solutions for managing execution permissions on Fedora systems

I would like to learn about solutions/alternatives for managing execution access to applications in Linux-based systems (specifically Fedora flavours). I already researched possibilities like ...
Tedy S.
0 votes
1 answer
62 views

Are there drawbacks (security or otherwise) to using 'su <user>' into a lesser-privileged user to start a web application?

My goal is to manage the startup of a number of applications with an application executed by a user with elevated permissions. The plan is to have the startup manager (a node.js script using require('...
JBG
1 vote
2 answers
334 views

Where to store proprietary code and executable scripts? [closed]

I have Python code that is run using a bash script. I want non-sudo users to be able to run it without making the Python code readable. What is the recommended pattern? Two ways I considered: Put ...
tsotsi
1 vote
1 answer
520 views

noexec flag for /tmp (OpenSUSE)

I would harden my OpenSUSE 42.2. If I put noexec flag for /tmp and /var/tmp locations mount, zypper could suffer for this? Possible issues could depend by single package working and needing but above ...
Johfount
2 votes
1 answer
154 views

If a user can only read and write files, is that sufficient to prevent execution?

A user has use of an application running on a Linux server. The application provides the user with an API that allows reading and writing files on the server, but does not offer any means of ...
jl6
  • 1,485
4 votes
1 answer
202 views

Preserve evidence of intrusion / deleted executable?

If you are faced with a non-root remote command execution vulnerability, and there is a foreign executable that's running on your Linux system from a user with only non-administrator privileges, what'...
cnst
  • 3,333
46 votes
2 answers
112k views

Why does sshd require an absolute path?

Why does sshd require an absolute path when restarting, e.g. /usr/sbin/sshd rather than sshd? Are there any security implications? P.S. the error message: # sshd sshd re-exec requires execution with ...
daisy
  • 55.6k
0 votes
4 answers
14k views

noexec on /tmp and /var/tmp directory

Our client servers are running an old version of JBoss (JBoss 4.0), which has lots of known vulnerabilities. The result is that the server is hacked and we are seeing some unknown executable running from /tmp,...
Zama Ques
61 votes
5 answers
71k views

How to test whether a Linux binary was compiled as position independent code?

I recently learned that (at least on Fedora and Red Hat Enterprise Linux), executable programs that are compiled as Position Independent Executables (PIE) receive stronger address space randomization (...
D.W.
  • 4,208
0 votes
2 answers
170 views

Are daemon tmpfs executables copied unencrypted to memory upon execution? (prevent if so?)

When a daemon is executed, is the executable copied to memory? If so, can it be copied encrypted? If not, is there a way to prevent the executable from being copied to memory? The executable is ...
34 votes
5 answers
2k views

Execution of possibly harmful program on Linux

I'm writing a program that will test programs written by students. I'm afraid that I can't trust them and I need to make sure that it won't end up badly for the computer running it. I was thinking ...
korda
  • 1,591
19 votes
3 answers
59k views

File permission execute only

How can I set a file to be executable only to other users but not readable/writable? The reason for this is that I'm executing something with my username but I don't want to give out the password. I tried: ...
c0mrade