[systemd-devel] /run DoS

Michał Piotrowski mkkp4x4 at gmail.com
Sun Apr 3 14:05:52 PDT 2011


On 3 April 2011 at 22:39, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> On Sun, 03.04.11 13:54, Lennart Poettering (mzerqung at 0pointer.de) wrote:
>
>> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp4x4 at gmail.com) wrote:
>>
>> > Hi,
>> >
>> > I can write to /run/user/michal; in this way I can fill the entire free
>> > tmpfs space, which is not good from my POV.
>>
>> Yupp, this is trivially fixable by placing another tmpfs on /run/user,
>> which can be done by installing a run-user.mount unit.
>>
>> We considered doing so by default, but stepped back a little, since we
>> didn't want to add another tmpfs to the mix, just like that. But yeah,
>> we probably should do that.
>
> We have the same vulnerability on /dev/shm btw.
>
> For now Kay and I are leaning towards leaving things as they are, and
> counting on the kernel folks adding quota support to tmpfs one day, since
> that appears to be the correct fix.

Of course it will be the best solution. But I doubt it will happen in
the next few weeks - so some temporary workaround for F15 would be
appreciated. It seems to me that this is too serious a problem to
release F15 without fixing it or working around it somehow.

>
> Lennart
>
> --
> Lennart Poettering - Red Hat, Inc.
>



-- 
Best regards,
Michal

http://eventhorizon.pl/
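
A check for the condition discussed in this thread, as an added example that is not part of the original e-mails or of systemd: it reads a mount table in /proc/mounts format and reports whether /run/user and /dev/shm sit on the same tmpfs as /run and whether a size= limit is set. The two mount tables and the 64m limit are constructed for illustration.

```python
# Added example: find user-writable directories that share a tmpfs with /run.
# Both mount tables are constructed samples in /proc/mounts format.
SHARED = """\
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""
# Same system after a separate, size-limited tmpfs is mounted on /run/user
# (the run-user.mount approach mentioned in the thread; size is an assumption).
SEPARATE = SHARED + "tmpfs /run/user tmpfs rw,nosuid,nodev,size=64m,mode=755 0 0\n"


def parse_mounts(text):
    """Return {mount_point: (fstype, [options])}; later entries override earlier."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = (fields[2], fields[3].split(","))
    return mounts


def mount_for(path, mounts):
    """Longest mount point that is the path itself or one of its parents."""
    best = "/"
    for mp in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if len(mp) > len(best):
                best = mp
    return best


def audit(text, user_dirs=("/run/user", "/dev/shm"), system_dir="/run"):
    """Report, per user-writable directory, its mount, size limit and sharing."""
    mounts = parse_mounts(text)
    system_mount = mount_for(system_dir, mounts)
    report = {}
    for d in user_dirs:
        mp = mount_for(d, mounts)
        fstype, opts = mounts.get(mp, ("?", []))
        size = next((o[5:] for o in opts if o.startswith("size=")), None)
        report[d] = {"mount": mp, "fstype": fstype, "size": size,
                     "shares_system_tmpfs": mp == system_mount}
    return report


if __name__ == "__main__":
    for name, table in (("shared", SHARED), ("separate", SEPARATE)):
        for d, info in audit(table).items():
            print(name, d, info)
```

On a live system, pass the contents of /proc/mounts to `audit()`; a directory reported with `shares_system_tmpfs` set to True is one where user writes consume the space /run itself depends on.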

