Am 08.05.2011 17:52, schrieb Tom Gundersen: > On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <[email protected]> wrote: >> On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote: >>> Looks like /run is writable by every user but also limited to 10MB. >>> This way you can run a dos attack on the system by filling this fs; even >>> by accident. Do we really need write access by every user? > > This is not intentional. /run itself should be writable only by root: > > rc.sysinit: > /bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev > > However, this needs to be changed in mkinitcpio, which now sets > "mode=1777". The attached patch should do it.
I asked around when I added the patch, and Dave specifically told me to give it the 777 mode.
signature.asc
Description: OpenPGP digital signature
