Many simple exploits used against machines (via vulnerable PHP applications, local users, etc.) rely on being able to execute commands in /tmp. As a security precaution, /tmp is mounted with noexec. This is a good thing and should generally stay this way. However, there are some circumstances where you may need /tmp to be executable.
(dv) Dedicated Virtual Servers
You can remount /tmp to make it executable by issuing the following command:
mount -o remount,exec /tmp
Once you're done, it's good practice to set /tmp back to noexec:
mount -o remount,noexec /tmp
(ve) servers
The process is a bit different for the (ve) Server. Depending on what you're using /tmp for, you have a few options to bypass this restriction. To get around this issue when using apt-get/aptitude, you can run the following one-liner to use /var/local/tmp instead of /tmp:
echo "APT::ExtractTemplates::TempDir \"/var/local/tmp\";" | tee /etc/apt/apt.conf.d/50extracttemplates && mkdir /var/local/tmp/
Another issue might occur if you attempt to install PECL extensions. To set up a new temporary directory where the extensions are compiled, issue the following commands:
mkdir -p ~/tmp/pear/cache
mkdir -p ~/tmp/pear/temp
pear config-set download_dir ~/tmp/pear/cache
pear config-set temp_dir ~/tmp/pear/temp
If you're simply running ./configure to compile something, most Linux utilities will honor the TMPDIR environment variable. TMPDIR is the canonical Unix environment variable that points to user scratch space. Setting it designates the scratch area for temporary files in place of the common default of /tmp. Other forms sometimes accepted are TEMP, TEMPDIR, and TMP, but these are used more commonly by non-POSIX operating systems.
Another option is to simply umount /tmp or /var/tmp:
umount /tmp; umount /var/tmp
Keep in mind that if you reboot your (ve) after you've done this, /tmp and /var/tmp will return to 'noexec'.
Finally, if you're still having trouble, you can bind /tmp to another directory with executable permissions:
mkdir ~/tmp
mount --bind ~/tmp /tmp
When you're finished up, umount the new ~/tmp directory:
umount /tmp
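A check for the cleanup steps above (remounting with noexec, or unmounting the bind mount), added here as an example and not part of the original wiki page: it reads a mounts table in /proc/mounts format and reports whether noexec is actually back in effect on /tmp and /var/tmp. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): verify noexec is back in effect.

# Constructed sample in /proc/mounts format. /tmp was mounted noexec, then a
# directory was bind-mounted over it; /var/tmp is untouched.
SAMPLE_MOUNTS='/dev/vda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/vda1 /tmp ext4 rw,relatime 0 0'

# effective_opts MOUNTPOINT  (mounts table on stdin)
# Prints the options of the LAST entry for MOUNTPOINT. Entries are listed in
# mount order, so a mount stacked over /tmp comes later and is the one in effect.
effective_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 } END { if (opts != "") print opts }'
}

# check_noexec MOUNTPOINT  (mounts table on stdin)
# Returns 0 if noexec is in effect, 1 if execution is allowed,
# 2 if MOUNTPOINT is not a separate mount (it follows its parent filesystem).
check_noexec() {
    opts=$(effective_opts "$1")
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_tmp  (mounts table on stdin)
# Reports on /tmp and /var/tmp; returns 1 if either currently allows execution.
audit_tmp() {
    table=$(cat)
    rc=0
    for mp in /tmp /var/tmp; do
        st=0
        printf '%s\n' "$table" | check_noexec "$mp" || st=$?
        case $st in
            0) echo "OK    $mp is noexec" ;;
            1) echo "WARN  $mp allows execution"; rc=1 ;;
            2) echo "INFO  $mp is not a separate mount" ;;
        esac
    done
    return $rc
}
```

On a live system, source the script and run `audit_tmp < /proc/mounts` once the install or build is finished.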
Chrooted /tmp directory
This is a new method that should work for both the (ve) and (dv) product lines, and ensure that no processes currently accessing /tmp are interrupted in any way. This also ensures that your /tmp that allows execution is never accessible to currently running processes. This limits your exposure to possible exploits.
First, create a chrooted environment that contains a tmp directory that allows file execution:
root@ve01:~# mkdir -p /root/chroot /root/tmp
root@ve01:~# mount --bind / /root/chroot
root@ve01:~# mount --bind /root/tmp /root/chroot/tmp
root@ve01:~#
Next, chroot into the environment you created.
root@ve01:~# chroot /root/chroot
root@ve01:/#
At this point, you are in the chrooted environment and can run any commands you need to. When you are done, simply type the command 'exit'.
root@ve01:/# exit
exit
root@ve01:~#
Now you are back to your normal environment.
REFERENCES
http://wiki.mediatemple.net/w/Getting_around_%27noexec%27_issues_with_/tmp