¿äÁò À¥ÇÁ·Î±×·¥ÀÇ Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© /tmp Æú´õ¿¡ ÆÄÀÏÀ» ¿Ã¸° ÈÄ ÇØ´ç ÆÄÀÏÀ» ½ÇÇàÇÏ¿© ¼­¹ö¿¡ ºÎÇϸ¦ ÁÖ´Â °æ¿ì°¡ ¸¹´Ù.
ÀÌ°É ¸·´Â ¹æ¹ýÀº ¸ÕÀú 1777 ±ÇÇÑÀ¸·Î µÈ Æú´õ´Â °¡±ÞÀûÀÌ¸é ¾ø¾Ö´Â °ÍÀÌ ÁÁÀ¸¸ç ºÒ°¡ÇÇÇÒ °æ¿ì ÆÄƼ¼Ç¿¡ noexec ¸¦ Áà ½ÇÇà±ÇÇÑÀÌ ¾øµµ·Ï ÇÏ´Â °ÍÀÌ ÁÁ´Ù.

1. ¼­¹ö¿¡ 1777 ±ÇÇÑÀ¸·Î µÇ¾î ÀÖ´Â Æú´õ°¡ ¹¹°¡ ÀÖ´ÂÁö Á¶»çÇÑ´Ù.
# fine / -perm 1777 -print

2. º¸Åë /var/tmp ¿Í /tmp °¡ ÀÖÀ» °ÍÀÌ´Ù. ¿©±â¼­ /var/tmp ´Â /tmp ·Î ¸µÅ©¸¦ °É¾î Çϳª¸¸ °ü¸®ÇÏ¸é µÇµµ·Ï ÇÑ´Ù.

# rm -rf /var/tmp
# ln -s /tmp /var/tmp


3. /tmp ÆÄƼ¼Ç¿¡ ½ÇÇà±ÇÇÑÀ» ¾ø¾Ø´Ù.

(1) fstab ¼öÁ¤

# vi /etc/fstab

º¯°æ Àü)
/dev/sda10 /tmp ext3 defaults
none /dev/shm tmpfs defaults

º¯°æ ÈÄ)
/dev/sda10 /tmp ext3 defaults,noexec,nosuid
none /dev/shm tmpfs defaults,noexec,nosuid

(2) ¸®¸¶¿îÆ®
# mount -oremount /tmp
# mount -oremount /dev/shm

(3) Àû¿ë ¿©ºÎ È®ÀÎ
# mount

4. /tmp ÆÄƼ¼ÇÀÌ º°µµ·Î ³ª´²ÀÖÁö ¾Ê°í ÅëÀ¸·Î ÀâÇô ÀÖÀ» °æ¿ì ¾Æ·¡¿Í °°ÀÌ ÆÄƼ¼Ç º°µµ·Î Ãß°¡ ¼³Á¤

(1) ÆÄƼ¼Ç Ãß°¡ ¼³Á¤

# cd /dev
# dd if=/dev/zero of=tmpmount bs=1024 count=800000
# mke2fs -j /dev/tmpmount
-j ¿É¼ÇÀº ext3·Î »ý¼ºÇÑ´Ù´Â ÀǹÌ, »ý·«Çϸé ext2·Î »ý¼ºµÊ.
# mount -o loop,noexec,nosuid,rw /dev/tmpmount /tmp

(2) ¸®¸¶¿îÆ® ½Ã ¾Æ·¡¿Í °°Àº ¿¡·¯°¡ ³¯ °æ¿ì
[root@www root]# mount -o loop,noexec,nosuid,rw /dev/tmpmount /tmp
mount: Could not find any loop device, and, according to /proc/devices,
this kernel does not know about the loop device.
(If so, then recompile or `insmod loop.o'.)
ÀÌ °æ¿ì Ä¿³ÎÄÄÆÄÀÏ ½Ã
Block devices --->[*] Loopback device support ¿Í °°ÀÌ ¼±ÅÃÇØ ÁÖ¾î¾ß ÇÑ´Ù.
ÀϹÝÀûÀ¸·Î ²À ÀÌ ±â´ÉÀ» »ç¿ëÇÏÁö ¾ÊÀ¸½Ã´õ¶óµµ ¼±ÅÃÇØ ÁÖ´Â °ÍÀÌ ÁÁ´Ù.

5. noexecÀÇ ÇÑ°è
¹°·Ð À§¿Í °°ÀÌ ÇÑ´Ù°í Çؼ­ 100% /tmp ¿¡ ÆÄÀÏÀ» ¿Ã·ÁµÎ°í ½ÇÇàÇÏ´Â °ÍÀ» ¸·À» ¼ø ¾ø´Ù.
¾Æ·¡¿Í °°ÀÌ Á÷Á¢ ½ÇÇàÇÏÁö ¾Ê°í ÂüÁ¶ÇÏ¿© ½ÇÇàÇÒ °æ¿ì ÆÄƼ¼Ç¿¡ noexec¸¦ Áشٰí Çصµ ½ÇÇàÀÌ µÈ´Ù.
# /usr/bin/perl /tmp/test.cgi
# /bin/sh /tmp/test.sh
µû¶ó¼­ Áö¼ÓÀûÀÎ ¸ð´ÏÅ͸µÀÌ ÇÊ¿äÇÏ´Ù.