[systemd-devel] /run DoS

Lennart Poettering mzerqung at 0pointer.de
Sun Apr 3 14:14:34 PDT 2011


On Sun, 03.04.11 23:05, Michał Piotrowski (mkkp4x4 at gmail.com) wrote:

> 
> On 3 April 2011 22:39, Lennart Poettering
> <mzerqung at 0pointer.de> wrote:
> > On Sun, 03.04.11 13:54, Lennart Poettering (mzerqung at 0pointer.de) wrote:
> >
> >> On Sun, 03.04.11 13:10, Michał Piotrowski (mkkp4x4 at gmail.com) wrote:
> >>
> >> > Hi,
> >> >
> >> > I can write to /run/user/michal, and in this way I can fill the entire
> >> > free tmpfs space, which is not good from my POV.
> >>
> >> Yupp, this is trivially fixable by placing another tmpfs on /run/user,
> >> which can be done by installing a run-user.mount unit.
> >>
> >> We considered doing so by default, but stepped back a little, since we
> >> didn't want to add another tmpfs to the mix, just like that. But yeah,
> >> we probably should do that.
> >
> > We have the same vulnerability on /dev/shm btw.
> >
> > For now Kay and I are leaning towards leaving things as they are, and
> > counting on the kernel folks adding quota support to tmpfs one day, since
> > that appears to be the correct fix.
> 
> Of course it will be the best solution. But I doubt it will happen in
> the next few weeks - so some temporary workaround for F15 would be
> appreciated. It seems to me that this is too serious a problem to
> release F15 without fixing/workarounding it somehow.

Well, /run/user can be fixed trivially, just by adding a separate tmpfs
for it. But for /dev/shm I see no quick fix... do you?

I think we should fix either both or should wait for the proper fix by
the kernel.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
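
Added example, not part of the original message or of systemd: a Python check for the condition discussed in this thread, reporting whether /run/user sits on its own tmpfs or shares the one mounted on /run. The function names, the sample mount tables and the size= value are constructed assumptions.

```python
"""Check whether /run/user sits on its own tmpfs or shares the one on /run."""

# Constructed sample in /proc/mounts format: no tmpfs of its own for /run/user.
SAMPLE_SHARED = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0\n"
    "tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0\n"
)
# Constructed sample: a separate tmpfs on /run/user; the size= value is an assumption.
SAMPLE_SPLIT = SAMPLE_SHARED + "tmpfs /run/user tmpfs rw,nosuid,nodev,size=65536k 0 0\n"


def parse_mounts(text):
    """Return (mountpoint, fstype, options) tuples in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        mountpoint = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces
        mounts.append((mountpoint.rstrip("/") or "/", fields[2], opts))
    return mounts


def backing_mount(mounts, path):
    """Mount holding `path`: longest mountpoint prefix; later entries win ties."""
    best = None
    for mnt in mounts:
        prefix = mnt[0] if mnt[0] == "/" else mnt[0] + "/"
        if (path == mnt[0] or path.startswith(prefix)) and (
            best is None or len(mnt[0]) >= len(best[0])
        ):
            best = mnt
    return best


def audit(text, user_path="/run/user", parent="/run"):
    """Report which filesystem the user-writable `user_path` would fill."""
    mounts = parse_mounts(text)
    user, base = backing_mount(mounts, user_path), backing_mount(mounts, parent)
    if user is None or base is None:
        raise ValueError("mount table has no entry covering the path")
    return {
        "mountpoint": user[0],
        "fstype": user[1],
        "separate_from_parent": user[0] != base[0],
        "size": user[2].get("size"),  # None: no explicit limit in the options
    }
```

To check a live system, pass the contents of /proc/mounts to audit().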

