[Pkg-sysvinit-devel] Bug#344001: initscripts: /run tmpfs should impose strict size and inode limits

Roger Leigh rleigh at debian.org
Mon Dec 19 10:51:59 UTC 2005 

Package: initscripts
Version: 2.86.ds1-7
Severity: normal
Tags: experimental

/etc/init.d/mountvirtfs mounts a tmpfs on /run, but does so without
specifying any limits (size=nn), which means it defaults to half the
physical memory in the system.

Whilt in most cases this is appropriate, /run is intended to be very
small, and should only be used by a small number of packages.  With
the default size, it creates the opportunity for a denial of service
attack (by filling the fs, exhausting available virtual memory), and
also the opportunity for abuse by package maintainers; by imposing
strict limits (possibly even nr_inodes), any abuse will be quickly
spotted.

Now that there are at least two tmpfs filesystems mounted by default
(/dev/shm and /run), it might be necessary to be a bit stricter
about the size of /dev/shm as well, since together both can be as
big as all the available memory.  It would be prudent to check the
total VM size before using any default size.

For the /run size/inode limit, I would suggest adding something
similar to /etc/default/tmpfs (possibly even an addition to this
file, for example RUN_TMPFS_SIZE and SHM_TMPFS_SIZE).


Regards,
Roger

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.4
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages initscripts depends on:
ii  coreutils     5.93-5                     The GNU core utilities
ii  debianutils   2.15.2                     Miscellaneous utilities specific t
ii  dpkg          1.13.11                    package maintenance system for Deb
ii  e2fsprogs     1.38+1.39-WIP-2005.12.10-1 ext2 file system utilities and lib
ii  libc6         2.3.5-9                    GNU C Library: Shared libraries an
ii  lsb-base      3.0-12                     Linux Standard Base 3.0 init scrip
ii  util-linux    2.12r-2                    Miscellaneous system utilities

initscripts recommends no packages.

-- no debconf information

More information about the Pkg-sysvinit-devel mailing list