[Pkg-sysvinit-devel] Bug#386368: initscripts: please don't mount /dev/shm noexec
Mario 'BitKoenig' Holbe
Mario.Holbe at TU-Ilmenau.DE
Thu Sep 7 17:16:44 UTC 2006
On Thu, Sep 07, 2006 at 04:36:40PM +0200, Petter Reinholdtsen wrote:
> This is not supposed to work. The /dev/shm file system is to be only
> used by the shm functions in glibc, as all other use would pollute the
> name space for shared memory segments. I discovered misuse of
> /dev/shm/ in checkroot.sh, and am currently trying to rewrite it to
> stay away from /dev/shm/.
Well, then probably have a look at ifupdown and resolvconf too :)
> It might not be uncommon, but it has never been supported, is against
> the expressed purpose of /dev/shm/, and I will not add noexec back to
> support it.
Okay, I will fix this locally then.
> Yes, I am aware of the /dev/pts/ issue, but I have not tested the
> effect of restricting it, so I have left it behind. I take it from
> your report that you have verified that it is ok to mount /dev/pts/
> nosuid,noexec? If that is the case, I will add those flags to the
Yes, it is okay. Well, at least I did not experience any problems with
it. And problems are also very unlikely to happen, since /dev/pts
contains *only* device nodes, which should never be executed, neither
normally nor suid :)
Mario
--
But after a while I learned the trick of speaking fast. You don't have
to think any faster; just use twice as many words to say everything.
-- Paul Graham
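
An added example, not part of the original message or of initscripts: a POSIX shell check that reports which of the mount options discussed in this thread (nosuid, noexec) are absent on /dev/pts and /dev/shm, reading a table in /proc/mounts format. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit mount options per mount point.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

# missing_opts MOUNTS_FILE MOUNTPOINT OPT...
# Prints the required options that are absent, space-separated.
# Prints "unmounted" when the mount point has no entry.
missing_opts() {
    mounts_file=$1; target=$2; shift 2
    # The last matching entry wins, since a later mount shadows an earlier one.
    opts=$(awk -v mp="$target" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "unmounted"
        return 0
    fi
    missing=""
    for want in "$@"; do
        # Wrap in commas so "exec" can never match inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "$missing"
}

# Constructed sample table; on a live system pass /proc/mounts to report instead.
sample_mounts() {
    cat <<'EOF'
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

# report MOUNTS_FILE: one line per mount point named in the thread.
report() {
    for mp in /dev/pts /dev/shm; do
        echo "$mp missing: $(missing_opts "$1" "$mp" nosuid noexec)"
    done
}

tmp=$(mktemp)
sample_mounts > "$tmp"
report "$tmp"
rm -f "$tmp"
```

An empty result after "missing:" means every requested option is present; whether noexec belongs on /dev/shm is the local policy question debated above.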