List:       linux-poweredge
Subject:    Re: [Linux-PowerEdge] Upgrading firmware under CentOS7
From:       Stephen Dowdy <sdowdy () ucar ! edu>
Date:       2016-10-24 15:29:13
Message-ID: CA+CZZDZvzj0Nu0YsR6px5NC0WOHbpn+1N+88u6Yrkq7AjZq0BQ () mail ! gmail ! com

On Mon, Oct 24, 2016 at 9:04 AM, Stephen Dowdy <sdowdy@ucar.edu> wrote:

> SUMMARY: you could use linux namespaces (see proof-of-concept below)


Since I failed to explicitly state WHY using this over 'mount -o
remount,exec /tmp', the point would be to NOT enable a potential GLOBAL
/tmp trojan/drop attack (the main point behind NOEXEC use on /tmp) even
during a short window (where "short" can be as long as like 30 minutes with
an iDRAC update).

--stephen



-- 
Stephen Dowdy  -  Systems Administrator  -  NCAR/RAL
303.497.2869   -  sdowdy@ucar.edu        -  http://www.ral.ucar.edu/~sdowdy/
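
The contrast drawn in the message above, as an added example (not the proof-of-concept the quoted summary refers to, and not code from the thread): the updater gets an exec-capable /tmp inside its own mount namespace while the host-wide /tmp stays noexec. The function names are hypothetical; it assumes root and the util-linux `unshare` and `mount` tools.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not from the original thread.

# tmp_mount_opts MOUNTS_FILE: print the options of the last /tmp entry in a
# /proc/mounts-format file (the last entry is the mount currently on top).
tmp_mount_opts() {
    awk '$2 == "/tmp" { opts = $4 } END { if (opts != "") print opts }' "$1"
}

# tmp_is_noexec MOUNTS_FILE: succeed only if /tmp is a mount point with noexec.
tmp_is_noexec() {
    _tmp_opts=$(tmp_mount_opts "$1")
    case ",$_tmp_opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_with_private_exec_tmp CMD [ARGS...]: run CMD (as root) in a new mount
# namespace whose /tmp is a fresh tmpfs mounted with exec. The explicit
# "mount --make-rprivate /" keeps the new mount from propagating back to the
# host where / is a shared mount (the systemd default). The tmpfs vanishes
# when the last process in the namespace exits.
run_with_private_exec_tmp() {
    unshare --mount sh -c '
        mount --make-rprivate / &&
        mount -t tmpfs -o exec,nosuid,nodev,mode=1777 tmpfs /tmp &&
        exec "$@"' sh "$@"
}

# update_firmware_checked UPDATER [ARGS...]: refuse to start unless the global
# /tmp is noexec, run the updater in the private namespace, then confirm the
# global /tmp still carries noexec afterwards.
update_firmware_checked() {
    tmp_is_noexec /proc/mounts || { echo "global /tmp is not noexec" >&2; return 2; }
    run_with_private_exec_tmp "$@"
    _update_rc=$?
    tmp_is_noexec /proc/mounts || { echo "global /tmp lost noexec" >&2; return 3; }
    return "$_update_rc"
}
```

Sourced into a root shell, `update_firmware_checked ./UPDATER.BIN` (a placeholder path) runs the package this way; other processes on the host keep seeing the noexec /tmp throughout.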
