[systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?
Reindl Harald
h.reindl at thelounge.net
Wed Feb 1 10:54:50 UTC 2017
On 01.02.2017 at 11:02, Hoyer, Marko (ADITG/SW2) wrote:
> a tiny question:
>
> - Is there any reason why the mount points /run and /dev/shm do not have
> MS_NOEXEC flags set?
>
> We like to remove execution capabilities from all volatile areas that
> are writeable to users for security reasons
It's all not that easy - see
https://bugzilla.redhat.com/show_bug.cgi?id=1398474 and
https://bugs.exim.org/show_bug.cgi?id=1749 and I am pretty sure other
pieces would break in case of noexec SHM (yes, I know that these
bug reports are not about SHM, they are just an example)