Unanswered Questions tagged with Security

Not using "noexec" with "/run" mount, on EC2 Ubuntu 22.04.1 LTS

I believe this *might* be a security issue, as [this happened in 2014](https://www.tenable.com/plugins/nessus/73180), but would rather not pay $29 for "Premium Support".

It looks like the `initramfs` is not always mounting the `/run` partition as `noexec`.

A stock `Ubuntu 22.04` install shows the `noexec` mount option is present ([source](https://askubuntu.com/a/1432445/924107)), so I suspect one of the AWS modifications has affected this?

I can check four EC2 servers that are running `Ubuntu 22.04.1 LTS`, three of them upgraded from `Ubuntu 20.04.5`, the other started new a few weeks ago... oddly, two of the upgraded servers have kept the `noexec`.

```
# New server
# Launched: Sep 02 2022
# AMI name: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20220609

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=803020k,nr_inodes=819200,mode=755,inode64)

uname -a
Linux HostB 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:04:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

```
# Upgraded server
# Launched: Apr 25 2022
# AMI name: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20211129

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=94812k,nr_inodes=819200,mode=755,inode64)

uname -a
Linux HostA 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:04:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

```
# Upgraded server
# Launched: Nov 16 2021
# AMI name: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180522

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=47408k,mode=755,inode64)

uname -a
Linux HostC 5.15.0-1020-aws #24-Ubuntu SMP Thu Sep 1 16:04:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

```
# Upgraded server
# Launched: Feb 10 2017
# AMI name: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20170113

mount | grep '/run '
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=202012k,mode=755,inode64)

uname -a
Linux HostD 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:26:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```
0 answers, 0 votes, 5 views, asked an hour ago

yum update python not working in AL2 EC2 instance (from elastic beanstalk).

The security advisory here https://alas.aws.amazon.com/AL2/ALAS-2022-1802.html indicates that the AL2 Python package has been patched and an update is available (in python-2.7.18-1.amzn2.0.5.aarch64). The advisory directs:

```
Issue Correction:
Run yum update python to update your system.
```

However, executing `yum update python` does not update the package - no update to the package is found. Why is the package update not applied?

```
[ec2-user@ip-redacted ~]$ yum info python
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
207 packages excluded due to repository priority protections
Installed Packages
Name        : python
Arch        : aarch64
Version     : 2.7.18
Release     : 1.amzn2.0.4
Size        : 139 k
Repo        : installed
Summary     : An interpreted, interactive, object-oriented programming language
URL         : http://www.python.org/
License     : Python
Description : Python is an interpreted, interactive, object-oriented programming
            : language often compared to Tcl, Perl, Scheme or Java. Python includes
            : modules, classes, exceptions, very high level dynamic data types and
            : dynamic typing. Python supports interfaces to many system calls and
            : libraries, as well as to various windowing systems (X11, Motif, Tk,
            : Mac and MFC).
            :
            : Programmers can write new built-in modules for Python in C or C++.
            : Python can be used as an extension language for applications that need
            : a programmable interface.
            :
            : Note that documentation for Python is provided in the python-docs
            : package.
            :
            : This package provides the "python" executable; most of the actual
            : implementation is within the "python-libs" package.

[ec2-user@ip-redacted ~]$ sudo yum update python
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                               | 3.7 kB  00:00:00
207 packages excluded due to repository priority protections
No packages marked for update
[ec2-user@ip-redacted ~]$
```
0 answers, 0 votes, 25 views, asked a month ago