edited body
Belmin Fernandez

And I'm performing all commands as root (hence the hash prompt).

Fixed Gilles' name. Oops.

3rd Update:

Per Hello71:

# mount | grep /tmp
# mount | grep -w '/'
/dev/mapper/vg_svr-tap-lv_root on / type ext4 (rw)

Answers to Gilles' questions:

Is this something you read about in a book, or did you reach this situation on a real machine?

Noticed this while performing a lab in a book on a real machine.

Is SELinux in use?

# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Some Linux-on-Linux virtualisation?

Yes. KVM/QEMU guest.

I second Hello71's request, except please grep /tmp /proc/mounts

Nothing matches.

Also env | grep '^LD_' please.

Nothing matches.

Oh, and can we rule out active attacks

Yes we can. I'm the only one that has access to this guest.

Tweeted twitter.com/#!/StackUnix/status/92708665441792000
added full permissions per comment.

1st Update:

And I'm performing all commands as root (hence the bang prompt).

2nd Update

Per Caleb, full permissions listing of /tmp:

# ls -al /tmp
total 40
drwxrwxrwt.  8 root    root    4096 Jul 17 15:37 .
dr-xr-xr-x. 26 root    root    4096 Jul 17 15:07 ..
drwx------.  2 melmel  melmel  4096 Jul 16 21:08 .esd-500
drwxrwxrwt.  2 root    root    4096 Jul 17 15:07 .ICE-unix
drwx------.  2 gdm     gdm     4096 Jul 17 15:08 orbit-gdm
drwx------.  2 gdm     gdm     4096 Jul 17 15:07 pulse-5E9i88IGxaNh
drwx------.  2 melmel  melmel  4096 Jul 16 21:08 pulse-329qCo13Xk
-rw-------.  1 root    root       0 Jul 16 14:32 tmpXd9THg
-rw-------.  1 root    root       0 Jul 16 12:55 tmpie0O98
-rw-------.  1 root    root       0 Jul 16 20:23 tmpr10LrK
-r--r--r--.  1 root    root      11 Jul 17 15:07 .X0-lock
drwxrwxrwt.  2 root    root    4096 Jul 17 15:07 .X11-unix
-rw-r--r--.  1 root    root     865 Jul 16 20:20 yum.conf.security
-rw-------.  1 root    root       0 Jul 10 14:57 yum.log

showing `file` command before and after