[systemd-devel] /run DoS
Michał Piotrowski
mkkp4x4 at gmail.com
Sun Apr 3 15:09:44 PDT 2011
2011/4/3 Kay Sievers <kay.sievers at vrfy.org>:
> 2011/4/3 Lennart Poettering <mzerqung at 0pointer.de>:
>> On Sun, 03.04.11 23:28, Michał Piotrowski (mkkp4x4 at gmail.com) wrote:
>>
>>> > But for /dev/shm I see no quick fix... do you?
>>>
>>> Unfortunately not. No one foresaw that quota support on tmpfs will
>>> someday be useful :)
>>>
>>> >
>>> > I think we should fix either both or should wait for the proper fix by
>>> > the kernel.
>>>
>>> Can you temporarily fix one?
>>
>> Well, of course we could.
>>
>> But, think about it, what does this help? The vulnerability doesn't go
>> away by doing this, and we'd have a temporary hack in there, that we'd
>> have to remove later on again.
>
> Systems who might run into problems with /dev/shm, can just add limits
> to /etc/fstab, and systemd will re-mount it and apply them.
>
> There should really be a _proper_ solution some day, be it quota or
> something else. We have way too many /tmp-like dirs, where users can
> just leave their crap behind and cause problems. This is really
> nothing new with systemd.
I'm not saying that systemd is guilty of anything here :) Introduction
of /run dir just introduced yet another problem that can be used by
malicious users. I know that the most appropriate solution would be to
fix tmpfs but before it happens this problem can be used many times to
piss off admins and other system users.
>
> Kay
>
--
Best regards,
Michal
http://eventhorizon.pl/
More information about the systemd-devel
mailing list