[Pkg-sysvinit-devel] Bug#378182: mount -o nosuid,nodev /dev/shm
Petter Reinholdtsen
pere at hungry.com
Wed Aug 2 23:07:41 UTC 2006
tags 378182 + patch
thanks
[Dean Gaudet]
> /dev/shm should be mounted -o nosuid,nodev ... there's no reason to
> allow suid binaries or devices in /dev/shm.
If I understand you correctly, you are proposing the change in the
patch I attach here. I'm not sure what the consequences would be,
though I agree that the "normal" /dev/shm/ should work with both
nosuid and nodev options enabled. This bug report is a variation of
bug #378280, where a similar request is made for /proc/ and /sys/.
There, -o noexec,nodev,nosuid is proposed. Is there any reason why
/dev/shm/ should allow executables?
We need to test and see what the side effect of this patch is before
we upload such a change to unstable.
Index: debian/initscripts/etc/init.d/mountdevsubfs.sh
===================================================================
--- debian/initscripts/etc/init.d/mountdevsubfs.sh (revisjon 813)
+++ debian/initscripts/etc/init.d/mountdevsubfs.sh (arbeidskopi)
@@ -33,7 +33,7 @@
#
SHM_OPT=
[ "${SHM_SIZE:=$TMPFS_SIZE}" ] && SHM_OPT="-osize=$SHM_SIZE"
- domount tmpfs shmfs /dev/shm $SHM_OPT
+ domount tmpfs shmfs /dev/shm -onosuid,nodev $SHM_OPT
#
# Mount /dev/pts. Create master ptmx node if needed.
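Review bot: the new call passes two separate option arguments, `-onosuid,nodev` and `$SHM_OPT` (which expands to `-osize=$SHM_SIZE` when SHM_SIZE is set); whether both reach mount(8) or only the last one survives depends on how domount forwards its arguments, which is not visible in this hunk. Folding everything into the existing variable sidesteps the question, e.g. `SHM_OPT=nosuid,nodev` followed by `[ "${SHM_SIZE:=$TMPFS_SIZE}" ] && SHM_OPT="$SHM_OPT,size=$SHM_SIZE"` and a single `-o$SHM_OPT` in the domount line. The noexec option discussed in the cover text (and in #378280) is deliberately left out here, so a short comment above the call stating that would spare the next reader the same question.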
The patch is mostly untested. I rebooted my test installation once
with it, and could see that /dev/shm/ had the new options enabled.
Friendly,
--
Petter Reinholdtsen
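As an added check (not part of this message or of the initscripts package), a POSIX shell helper that reports which of a set of wanted mount options are missing from a mountpoint, reading the /proc/self/mounts field layout; the embedded mount table is a constructed sample, not output captured from the reporter's system.

```shell
#!/bin/sh
# Added example: verify restrictive mount options on /dev/shm, /proc and /sys.
# Table format is that of /proc/self/mounts:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
# Constructed sample table, used when no table text is passed in.
SAMPLE_MOUNTS='shmfs /dev/shm tmpfs rw,nosuid,nodev,size=65536k 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0'

# mount_opts <mountpoint> [table-text]
# Prints the option field of the last matching entry (later mounts shadow
# earlier ones), or nothing if the mountpoint is not in the table.
mount_opts() {
    _mp=$1
    _table=${2:-$SAMPLE_MOUNTS}
    printf '%s\n' "$_table" |
        awk -v mp="$_mp" '$2 == mp { opts = $4 } END { if (opts != "") print opts }'
}

# missing_opts <mountpoint> <comma-separated wanted options> [table-text]
# Prints the wanted options that are absent, comma-separated; prints nothing
# when every wanted option is present. An unmounted path lacks all of them.
missing_opts() {
    _have=$(mount_opts "$1" "$3")
    _missing=
    _old_ifs=$IFS
    IFS=,
    for _want in $2; do
        case ",$_have," in
            *",$_want,"*) ;;
            *) _missing="${_missing:+$_missing,}$_want" ;;
        esac
    done
    IFS=$_old_ifs
    printf '%s' "$_missing"
}

# Report for the three mountpoints discussed in this bug and in #378280.
for _mp in /dev/shm /proc /sys; do
    _m=$(missing_opts "$_mp" nosuid,nodev,noexec)
    printf '%-9s missing: %s\n' "$_mp" "${_m:-none}"
done
```

To check a live system instead of the sample, pass the real table as the third argument: `missing_opts /dev/shm nosuid,nodev "$(cat /proc/self/mounts)"`.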