[Pkg-sysvinit-devel] Re: Bug#378182: mount -o nosuid, nodev /dev/shm

Oleg Verych olecom at flower.upol.cz
Sat Nov 18 08:02:02 CET 2006


On 2006-08-02, Petter Reinholdtsen wrote:
>
> tags 378182 + patch
> thanks
>
> [Dean Gaudet]
>> /dev/shm should be mounted -o nosuid,nodev ... there's no reason to
>> allow suid binaries or devices in /dev/shm.
>
> If I understand you correctly, you are proposing the change in the
> patch I attach here.  I'm not sure what the consequences would be,
> though I agree that the "normal" /dev/shm/ should work with both
> nosuid and nodev options enabled.  This bug report is a variation of
> bug #378280, where a similar request is made for /proc/ and /sys/.
> There, -o noexec,nodev,nosuid is proposed.  Is there any reason why
> /dev/shm/ should allow executables?

I have /tmp as a symlink to /dev/shm. While I did that manually, I think
with the amounts of modern RAM, it's OK. And many "dpkg -i" will fail with
"noexec".
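
An added example, not part of the original message or of the sysvinit patch: a small audit over a `/proc/mounts`-format table that reports which of `nosuid`, `nodev`, `noexec` a mount lacks, and which mount a resolved path lands on (relevant when /tmp is a symlink into /dev/shm, as in the reply above). The function names, the sample table and the path `/dev/shm/dpkg-script` are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit mount options from a table in /proc/mounts format
# (fields: device mountpoint fstype options dump pass).

# Constructed sample: /dev/shm mounted without restrictions, /proc hardened.
write_sample() {
    cat > "$1" <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
}

# mount_for_path FILE PATH: print the longest mount point containing PATH.
# PATH must already be symlink-resolved (on a live system: readlink -f /tmp).
mount_for_path() {
    awk -v p="$2" '
        { m = $2; pre = (m == "/") ? "/" : m "/" }
        index(p "/", pre) == 1 && length(m) >= length(best) { best = m }
        END { print best }' "$1"
}

# missing_opts FILE MOUNTPOINT WANTED...: print the wanted options that the
# last (topmost) entry for MOUNTPOINT lacks, comma separated; empty if none.
missing_opts() {
    mo_file=$1; mo_point=$2; shift 2
    mo_opts=$(awk -v m="$mo_point" '$2 == m { o = $4 } END { print o }' "$mo_file")
    [ -n "$mo_opts" ] || { echo "not-mounted"; return 0; }
    mo_missing=
    for mo_want in "$@"; do
        case ",$mo_opts," in
            *",$mo_want,"*) ;;                      # option present
            *) mo_missing="${mo_missing:+$mo_missing,}$mo_want" ;;
        esac
    done
    echo "$mo_missing"
}

sample=$(mktemp)
write_sample "$sample"
# With /tmp symlinked to /dev/shm, a file created under /tmp resolves to a
# path like this one (constructed), so /dev/shm's options apply to it.
resolved=/dev/shm/dpkg-script
mp=$(mount_for_path "$sample" "$resolved")
echo "$resolved is on $mp; missing: $(missing_opts "$sample" "$mp" nosuid nodev noexec)"
rm -f "$sample"
```

On a live system, pass `/proc/mounts` as the file and the output of `readlink -f /tmp` as the path.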