Resolution
It is recommended that you create /tmp as a separate file system and mount it with the 'noexec' and 'nosuid' options (and, as a rule, 'nodev' as well).
'noexec' prevents binaries stored on the file system from being executed directly. Note that it does not stop interpreted scripts: 'sh /tmp/script.sh' or 'perl /tmp/script.pl' still run, because the interpreter, not the script, is the executable. 'noexec' raises the bar for an attacker who drops a payload into a world-writable directory; it is not a complete control on its own.
'nosuid' causes the SUID and SGID bits to be ignored on the file system, so a setuid binary planted in /tmp cannot be used to obtain the file owner's privileges. 'nodev' prevents device nodes on the file system from being interpreted as devices.
- If /tmp is already a separate partition, edit /etc/fstab, add 'noexec,nosuid,nodev' to the options field of the /tmp line, and remount it:
# mount -o remount /tmp
Verify the result with 'mount | grep /tmp' (or 'findmnt /tmp'); the options shown must include noexec and nosuid.
- If /tmp resides on the / partition, create a new file system for /tmp, for example a 512 MB image file mounted through the loop device:
# mkdir /filesystems
# dd if=/dev/zero of=/filesystems/tmp_fs bs=1M count=512
# mkfs.ext3 -F /filesystems/tmp_fs
('-F' stops mkfs from pausing to ask for confirmation because the target is a regular file rather than a block device.)
- Add the following line to /etc/fstab (the dump and fsck fields are 0 because the image lives on the root file system, which is checked on its own):
/filesystems/tmp_fs /tmp ext3 noexec,nosuid,nodev,loop 0 0
- Move the current /tmp directory out of the way and create an empty mount point in its place. Mounting the new file system on /tmp hides whatever is underneath it, so anything left there becomes unreachable:
# mv /tmp /tmp.old
# mkdir -m 1777 /tmp
- Mount the new /tmp file system and restore the sticky, world-writable permissions, which the root of a freshly created file system does not have:
# mount /tmp
# chmod 1777 /tmp
- Move the content from the old /tmp directory to the new one:
# cp -a /tmp.old/. /tmp/
# rm -rf /tmp.old
Do this during a maintenance window: processes that already hold files open under the old /tmp keep using the old directory until they are restarted.
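The following script is an added example, not part of the original article or of any vendor tool. It wraps the procedure above in shell functions: one builds the /etc/fstab line, one checks from the kernel's mount table that a mount point really carries the required options (the check that matters after a reboot), and one runs the whole procedure as root. The image path /filesystems/tmp_fs, the 512 MiB size and the /tmp.old holding directory are this example's assumptions.

```sh
#!/bin/sh
# Added example (not from the original article): helpers for the /tmp
# hardening procedure.  Image path, size and /tmp.old are assumptions.

# Print the /etc/fstab line for a loop-backed, hardened /tmp.
# Usage: tmp_fstab_line IMAGE MOUNTPOINT FSTYPE
tmp_fstab_line() {
    printf '%s %s %s %s 0 0\n' "$1" "$2" "$3" "noexec,nosuid,nodev,loop"
}

# Check that MOUNTPOINT appears in a mounts table (normally /proc/self/mounts)
# with every listed option.  Returns 0 if all options are present, 1 if one
# is missing, 2 if the mount point is not in the table at all.
# Usage: mount_has_opts MOUNTS_FILE MOUNTPOINT OPTION...
mount_has_opts() {
    table=$1
    mp=$2
    shift 2
    # Field 4 of /proc/mounts is the option list; take the last matching
    # entry, which is the mount currently on top of that directory.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    for want; do
        case ",$opts," in
            *,"$want",*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# The full procedure, to be run as root.  Not run automatically.
setup_tmp_fs() {
    img=/filesystems/tmp_fs
    mkdir -p /filesystems
    dd if=/dev/zero of="$img" bs=1M count=512 || return 1   # 512 MiB image
    mkfs.ext3 -F "$img" || return 1                         # -F: target is a regular file
    tmp_fstab_line "$img" /tmp ext3 >> /etc/fstab
    mv /tmp /tmp.old || return 1          # set the old content aside first
    mkdir -m 1777 /tmp
    mount /tmp || return 1                # options are taken from the fstab line
    chmod 1777 /tmp                       # a new file system root is 0755
    cp -a /tmp.old/. /tmp/ && rm -rf /tmp.old
    # Verify from the kernel's view, not from what fstab says.
    if ! mount_has_opts /proc/self/mounts /tmp noexec nosuid nodev; then
        echo "/tmp is mounted without the required options" >&2
        return 1
    fi
    echo "/tmp mounted with: $(awk '$2 == "/tmp" { print $4 }' /proc/self/mounts)"
}

# Run the procedure only when explicitly asked: sh harden_tmp.sh install
if [ "${1:-}" = install ]; then
    setup_tmp_fs
fi
```

'mount_has_opts' takes the mounts table as a parameter so it can be pointed at /proc/self/mounts on a live host or at a saved copy when auditing several servers; because the kernel lists options in its own order, the check matches each option individually instead of comparing the whole string.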
Additional information
Some packages require executable permissions in the /tmp directory during installation. Either install all required packages before mounting /tmp with the 'noexec' option, or allow execution temporarily for the installation and restore the option afterwards:
# mount -o remount,exec /tmp
(install the package)
# mount -o remount,noexec /tmp
For example, the MySQL server package runs a configuration script from /tmp. If 'noexec' is enabled, the MySQL server installation can fail with the following error:
Can't exec "/tmp/mysql-server-5.0.config.23921": Permission denied at /usr/share/perl/5.10/IPC/Open3.pm line 168.