[systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?
Lennart Poettering
lennart at poettering.net
Wed Feb 1 10:24:08 UTC 2017
On Wed, 01.02.17 11:19, Michael Biebl (mbiebl at gmail.com) wrote:
> 2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) <mhoyer at de.adit-jv.com>:
> > - Is there any reason why the mount points /run and /dev/shm do not have
> > MS_NOEXEC flags set?
>
> /run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
>
> the initrd can place executables in /run so it can cleanly
> disasssemble the / file system
>
> /dev/shm → the mount options have been like this for basically
> forever. I assume changing that has the potential to break existing
> software
Also, some software uses these locations to place memory mapped files
with PROT_EXEC set, which setting MS_NOEXEC prohibits too.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list