[systemd-devel] /run DoS

Lennart Poettering mzerqung at 0pointer.de
Sun Apr 3 13:39:16 PDT 2011


On Sun, 03.04.11 13:54, Lennart Poettering (mzerqung at 0pointer.de) wrote:

> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp4x4 at gmail.com) wrote:
> 
> > Hi,
> > 
> > I can write to /run/user/michal, and in this way I can fill the entire
> > free tmpfs space, which is not good from my POV.
> 
> Yupp, this is trivially fixable by placing another tmpfs on /run/user,
> which can be done by installing a run-user.mount unit.
> 
> We considered doing so by default, but stepped back a little, since we
> didn't want to add another tmpfs to the mix, just like that. But yeah,
> we probably should do that.

We have the same vulnerability on /dev/shm btw. 

For now Kay and I are leaning towards leaving things as they are, and
counting on the kernel folks adding quota support to tmpfs one day, since
that appears to be the correct fix.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
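
An added example, not part of the original message or of systemd: a check that reads a mount table in /proc/mounts format and reports whether user-writable directories such as /run/user and /dev/shm share a tmpfs instance with a system directory or sit on their own, size-capped tmpfs. The sample mount tables, the 64 MiB cap and all function names are constructed for illustration.

```python
# Added example: constructed /proc/mounts-format samples, not from the thread.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""
# Hypothetical mitigated state: a separate, size-capped tmpfs on /run/user.
FIXED_MOUNTS = SAMPLE_MOUNTS + "tmpfs /run/user tmpfs rw,nosuid,nodev,size=65536k,mode=755 0 0\n"

def parse_mounts(text):
    """Return [(mountpoint, fstype, {option: value})] from /proc/mounts text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        opts = {}
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        # /proc/mounts escapes spaces in paths as \040
        mounts.append((fields[1].replace("\\040", " "), fields[2], opts))
    return mounts

def backing_mount(path, mounts):
    """Longest-prefix match; on a tie the later entry wins (mounted on top)."""
    best = None
    for mnt in mounts:
        point = mnt[0]
        covers = point == "/" or path == point or path.startswith(point + "/")
        if covers and (best is None or len(point) >= len(best[0])):
            best = mnt
    return best

def audit(user_dirs, mounts_text):
    """Classify each user-writable directory by the mount that backs it."""
    mounts, report = parse_mounts(mounts_text), {}
    for d in user_dirs:
        mnt = backing_mount(d, mounts)
        if mnt is None:
            report[d] = "unknown"
        elif mnt[1] != "tmpfs":
            report[d] = "not-tmpfs"
        elif mnt[0] != d:
            # Filling this directory consumes the parent's tmpfs space.
            report[d] = "shared-with:" + mnt[0]
        else:
            # No size= option means the kernel default cap applies.
            report[d] = "own-tmpfs:" + ("size=" + mnt[2]["size"] if "size" in mnt[2] else "default-size")
    return report
```

On a live system, pass the contents of /proc/mounts as `mounts_text`.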

