Reply to post:

Attackers exploit Spring4Shell flaw to let loose the Mirai botnet

doublelayer Silver badge

Separate volume, lots of people do that. Noexec, not as many people as you'd hope. Although in this case, /tmp is just a convenient place to store things because a lot of these things are embedded devices with little storage but /tmp in RAM. If a target wasn't allowing the chmod from there, the attacker could find somewhere else to put their binary as long as there was some writable storage. That binary could be a very small one that loaded instructions from another file in /tmp that wasn't executed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022