Re: noexec on /dev/shm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Dec 14, 2010 at 02:24:53PM +0100, Tomasz Torcz wrote:
>   We saw it includes /dev, /dev/shm etc.  Is there any *reasonable* need
> to mount sysfs somewhere else than /sys. Or /dev with mode other than 755?
> Those all directories are mounted _identically_ on every Linux distribution
> down here.  Why pollute fstab with repeated lines on million machines?

The issue here isn't that the reporter wanted to mount them somewhere
else, but he wanted to set the default mount options to something else
(or in fact to set them back to how they are now -- systemd has
decided to use some other mount options entirely without consulting
anyone else).

I think it's very reasonable to want to edit /etc/fstab to change the
default mount options of these filesystems.  Suppose that /dev/shm
defaults to allowing suid and exec.  At some point in the future a
security problem is found which can be worked around by temporarily
setting nosuid on /dev/shm (while the real issue is fixed).  An
administrator can't do that without recompiling systemd.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux