On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <[email protected]> wrote:
> On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote:
>> Looks like /run is writable by every user but also limited to 10MB.
>> This way you can run a DoS attack on the system by filling this fs; even
>> by accident. Do we really need write access by every user?
This is not intentional. /run itself should be writable only by root:

rc.sysinit:
/bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev

However, this needs to be changed in mkinitcpio, which now sets "mode=1777". The attached patch should do it.

The problem is what to do with /run/lock (not yet released, but the same problem applies to /var/lock), where we will have the same problem. At the moment /var/lock is 1777, which allows people to fill it up (regardless of any limits or whether it is tmpfs or not, I think). This is only needed by some legacy apps, and the solution others have used is to introduce the "lock" group for these apps and let them use the folder /var/lock/lockdev, which is root:lock 775, while /var/lock (or /run/lock) is root:root and 755.

Do you think this is something we could conceivably do? Does anyone have any idea of how many packages/how much work would be involved?

> Yeah, this was discussed on systemd-devel:
>
> http://lists.freedesktop.org/archives/systemd-devel/2011-April/001839.html
>
> The short version is: there was no solution proposed that seems
> applicable to us.

This discussion was about /run/user (if I understood correctly), which we do not implement (unless I missed it...).

-t
From b89bbf1d6471fd66029ca3ead05936627fea383a Mon Sep 17 00:00:00 2001 From: Tom Gundersen <[email protected]> Date: Sun, 8 May 2011 17:46:02 +0200 Subject: [PATCH] /run: restrict write access to root This brings it in line with initscripts (and systemd), there should be no need for everyone to have write access to the /run folder. Reported-by: Pierre Schmitz <[email protected]> Signed-off-by: Tom Gundersen <[email protected]> --- init | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/init b/init index 7b81a1a..242aaf2 100644 --- a/init +++ b/init @@ -17,7 +17,7 @@ else # /dev/mem is needed if we want to load uvesafb before triggering uevents /bin/mknod /dev/mem c 1 1 fi -/bin/mount -t tmpfs run /run -o nosuid,noexec,nodev,mode=1777,size=10M +/bin/mount -t tmpfs run /run -o nosuid,noexec,nodev,mode=755,size=10M root="" init="" -- 1.7.5.1
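Review bot: the mode=1777 to mode=755 change only protects the root directory of the tmpfs, while size=10M still caps the whole filesystem; any directory later created world-writable underneath it (the /run/lock case raised in the mail) lets an unprivileged user exhaust the same 10M, so the commit message should say this closes the direct fill-up of /run only and that the lock-directory question is still open. Also worth a sentence: the mount line keeps the source name "run" and omits "-n", whereas the rc.sysinit line quoted in the mail uses "tmpfs" and "-n"; if the intent is to be "in line with initscripts", either say the difference is deliberate or align the two.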
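The thread is about spotting tmpfs mounts that any user can write to, and therefore fill up to their size cap. The following is an added example, not code from the mailing-list thread or from mkinitcpio: a small POSIX sh audit that reads a /proc/mounts-style listing and flags tmpfs entries whose mode grants "other" write access, treating a missing mode= as the tmpfs default of 1777 and a missing size= as the tmpfs default of half of RAM. The sample listing is constructed for the example (its /run line mirrors the pre-patch mkinitcpio mount, its /run/lock line the root-only variant), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the thread or of mkinitcpio): audit a
# /proc/mounts-style listing for tmpfs mounts that every user can write to.

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass.
SAMPLE_MOUNTS='run /run tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k,mode=1777 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,mode=755 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=1968000k,nr_inodes=492000,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0'

# mount_opt OPTS KEY: print the value of KEY=value from a comma-separated
# option list, or nothing if KEY is absent.
mount_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# mode_is_world_writable MODE: succeed if the octal MODE (e.g. 1777 or 755)
# grants write permission to "other"; only the last octal digit matters.
mode_is_world_writable() {
    last=${1#"${1%?}"}
    case "$last" in
        2|3|6|7) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mount_line LINE: print a finding and succeed if LINE is a tmpfs that
# anyone can write to; print nothing and fail for every other line.
audit_mount_line() {
    set -- $1
    mountpoint=$2 fstype=$3 opts=$4
    [ "$fstype" = tmpfs ] || return 1
    mode=$(mount_opt "$opts" mode)
    [ -n "$mode" ] || mode=1777            # tmpfs default when mode= is not given
    size=$(mount_opt "$opts" size)
    [ -n "$size" ] || size='half of RAM'   # tmpfs default when size= is not given
    mode_is_world_writable "$mode" || return 1
    printf '%s: world-writable tmpfs (mode=%s, size=%s)\n' "$mountpoint" "$mode" "$size"
}

# report_world_writable_tmpfs LISTING: one finding line per flagged mount.
report_world_writable_tmpfs() {
    while read -r line; do
        [ -n "$line" ] && audit_mount_line "$line" || true
    done <<EOF
$1
EOF
}

# count_world_writable_tmpfs LISTING: number of flagged mounts in LISTING.
count_world_writable_tmpfs() {
    report_world_writable_tmpfs "$1" | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample; on a live system use
# report_world_writable_tmpfs "$(cat /proc/mounts)" instead.
report_world_writable_tmpfs "$SAMPLE_MOUNTS"
```

On the sample this flags /run (explicit mode=1777, capped at 10M) and /tmp (no mode=, so the tmpfs default applies), and leaves /run/lock alone; it does not look inside a mount, so a world-writable subdirectory under a 755 tmpfs root, which shares the same size cap, still has to be checked with a directory-level tool such as find -perm.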
