[systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?
Topi Miettinen
toiwoton at gmail.com
Wed Feb 1 17:10:23 UTC 2017
On 02/01/17 13:13, Hoyer, Marko (ADITG/SW2) wrote:
> Hi,
>
> thanks to all for your fast feedback. I'll kick off an internal discussion based on the facts you delivered to find out if our people actually want what they want ;)
Filesystem W^X is a nice idea, but considering scripting or other (even
unintentional) Turing complete interpreters in a system, it's not very
strong protection. See also
https://lwn.net/Articles/708196/
In my setup I have mounted /run with noexec, but /run/user/* still exec.
Then for each service you can enable systemd directive ProtectHome=true
which makes /run/user inaccessible.
Likewise for /dev/shm, you can check if it is needed by each service at
all and make it completely inaccessible if so, rather than making it
globally noexec.
-Topi
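Added example, not code from Topi's post or from systemd itself: a POSIX sh audit that checks a /proc/mounts-style table for the noexec flag on the mount points the thread discusses (/run, /run/user/*, /dev/shm), followed by the per-service systemd drop-in that the post's approach implies. The mount table is constructed for the example, the service name is a placeholder, and using InaccessiblePaths= (a real systemd directive) alongside ProtectHome= is an assumption about how one would make /dev/shm unreachable for a single unit.

```shell
#!/bin/sh
# Constructed sample of /proc/mounts (not taken from the original post): /run
# is mounted noexec as the post describes, /run/user/1000 and /dev/shm are not.
SAMPLE_MOUNTS='tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=1024k 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=512k 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# mount_opts TABLE MOUNTPOINT: print the option field of MOUNTPOINT from a
# /proc/mounts-style table; print nothing if it is not mounted there.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# has_opt TABLE MOUNTPOINT OPT: succeed if OPT is in the mount's option list.
has_opt() {
    case ",$(mount_opts "$1" "$2")," in
        *",$3,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_noexec TABLE MP...: list the given mount points that lack noexec,
# one per line. Mount points that are absent from the table are reported too,
# since an unmounted path inherits its parent's (possibly exec) options.
missing_noexec() {
    table=$1
    shift
    for mp in "$@"; do
        has_opt "$table" "$mp" noexec || printf '%s\n' "$mp"
    done
}

# service_dropin NAME: emit a drop-in for NAME.service that takes the post's
# per-service route: ProtectHome=true hides /run/user, and InaccessiblePaths=
# (assumed here as the way to do it) hides /dev/shm, instead of a global noexec.
service_dropin() {
    cat <<EOF
# /etc/systemd/system/$1.service.d/10-hardening.conf
[Service]
ProtectHome=true
InaccessiblePaths=/dev/shm
EOF
}

# Stand-alone run: audit the constructed table, then print the drop-in.
# To audit a live host, pass "$(cat /proc/mounts)" instead of SAMPLE_MOUNTS.
missing_noexec "$SAMPLE_MOUNTS" /run /run/user/1000 /dev/shm
service_dropin example-service
```

On the constructed table the audit reports /run/user/1000 and /dev/shm, which is exactly the pair the post singles out: the first is left exec on purpose, the second is better hidden from each service that does not need it than mounted noexec system-wide.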