[systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?

Lennart Poettering lennart at poettering.net
Wed Feb 1 10:24:08 UTC 2017


On Wed, 01.02.17 11:19, Michael Biebl (mbiebl at gmail.com) wrote:

> 2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) <mhoyer at de.adit-jv.com>:
> > - Is there any reason why the mount points /run and /dev/shm do not have
> > MS_NOEXEC flags set?
> 
> /run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
> 
> the initrd can place executables in /run so it can cleanly
> disassemble the / file system
> 
> /dev/shm → the mount options have been like this for basically
> forever. I assume changing that has the potential to break existing
> software

Also, some software uses these locations to place memory mapped files
with PROT_EXEC set, which setting MS_NOEXEC prohibits too.

Lennart

-- 
Lennart Poettering, Red Hat
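The point Lennart makes, shown as an added example that is not part of the original thread: the program below asks statvfs(3) whether a directory's mount carries the noexec flag (the bit MS_NOEXEC sets) and then tries to map a scratch file from that directory PROT_READ|PROT_EXEC, which the kernel refuses with EPERM on a noexec mount. The directory list and the scratch-file name are assumptions; probing a directory needs write access to it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8   /* statvfs exposes the mount's MS_NOEXEC bit (value 8 on Linux) */
#endif

/* 1 if the filesystem backing `path` is mounted noexec, 0 if not, -1 on error. */
int mount_is_noexec(const char *path)
{
    struct statvfs sv;
    if (statvfs(path, &sv) != 0) return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* Create a scratch file in `dir` (assumed name), map one page of it
 * PROT_READ|PROT_EXEC and report: 0 if the mapping succeeded, mmap's errno if
 * it failed (EPERM on a noexec mount), or -errno if the file could not be set up. */
int probe_exec_mapping(const char *dir)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/noexec-probe.XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -errno;
    unlink(path);                                /* keep only the open fd */
    long page = sysconf(_SC_PAGESIZE);
    if (ftruncate(fd, page) != 0) {              /* the mapping needs backing bytes */
        int e = errno; close(fd); return -e;
    }
    void *p = mmap(NULL, (size_t)page, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    int result = (p == MAP_FAILED) ? errno : 0;
    if (p != MAP_FAILED) munmap(p, (size_t)page);
    close(fd);
    return result;
}

int main(void)
{
    const char *dirs[] = { "/run", "/dev/shm", "/tmp" };   /* assumed probe set */
    for (size_t i = 0; i < 3; i++) {
        int ne = mount_is_noexec(dirs[i]), r = probe_exec_mapping(dirs[i]);
        printf("%-9s noexec=%2d  PROT_EXEC mmap: %s\n", dirs[i], ne,
               r == 0 ? "ok" : r > 0 ? strerror(r) : "scratch file not created");
    }
    return 0;
}
```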

