[systemd-devel] Antw: [EXT] Re: Creating executable device nodes in /dev?

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Wed Dec 9 07:58:52 UTC 2020


>>> Jarkko Sakkinen <jarkko at kernel.org> wrote on 09.12.2020 at 01:15 in message
<20201209001521.GA64007 at kernel.org>:

...
> 
> What's the data that supports having noexec /dev anyway? With root
> access I can then just use something else like /dev/shm mount.
> 
> Has there been out in the wild real world cases that noexec mount
> of would have prevented?
> 
> For me this sounds a lot just something that "feels more secure"
> without any measurable benefit. Can you prove me wrong?

I think the better question is: Why not allow it? I.e.: Why do you want to forbid it?

Even though I wouldn't like it myself, I could even think of noexec /tmp.

Regards,
Ulrich



