[systemd-devel] Antw: [EXT] Re: Creating executable device nodes in /dev?
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Wed Dec 9 07:58:52 UTC 2020
>>> Jarkko Sakkinen <jarkko at kernel.org> schrieb am 09.12.2020 um 01:15 in Nachricht
<20201209001521.GA64007 at kernel.org>:
...
>
> What's the data that supports having noexec /dev anyway? With root
> access I can then just use something else like /dev/shm mount.
>
> Has there been out in the wild real world cases that noexec mount
> of would have prevented?
>
> For me this sounds a lot just something that "feels more secure"
> without any measurable benefit. Can you prove me wrong?
I think the better question is: Why not allow it? I.e.: Why do you want to forbid it?
Event though I wouldn't like it myself, I could even think of noexec /tmp.
Regards,
Ulrich
More information about the systemd-devel
mailing list