Your message dated Wed, 11 Jan 2012 11:34:50 +0000
with message-id <[email protected]>
and subject line Re: Bug#317329: initscripts: should /dev/shm have restricted
permissions?
has caused the Debian Bug report #317329,
regarding initscripts: should /dev/shm have restricted permissions?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
317329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=317329
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: initscripts
Version: 2.86.ds1-1
Severity: normal
Tags: patch
on my system, /dev/shm is mounted with the same defaults as /tmp:

ls -ld /tmp/ /dev/shm/
drwxrwxrwt 3 root root 60 2005-07-07 11:11 /dev/shm/
drwxrwxrwt 7 root root 384 2005-07-07 11:25 /tmp/

is it a security risk to allow any and all users permission to write to
/dev/shm?

a patch is attached to restrict the permissions in
/etc/init.d/mountvirtfs, if it is deemed necessary.

live well,
vagrant
-- System Information:
Debian Release: 3.1
Architecture: i386 (i586)
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages initscripts depends on:
ii coreutils 5.2.1-2 The GNU core utilities
ii dpkg 1.10.28 Package maintenance system for Deb
ii e2fsprogs 1.37-2sarge1 ext2 file system utilities and lib
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii mount 2.12p-4 Tools for mounting and manipulatin
ii util-linux 2.12p-4 Miscellaneous system utilities
-- no debconf information
--- /etc/init.d/mountvirtfs 2004-07-29 05:15:25.000000000 -0600
+++ /home/vagrant/mountvirtfs 2005-07-07 11:22:12.536673352 -0600
@@ -207,9 +207,15 @@
# max size using /etc/default/tmpfs to prevent tmpfs from using
# up all system memory.
#
+tmpfs_opt="-omode=0755"
if [ -n "$TMPFS_SIZE" ]
then
- tmpfs_opt="-osize=${TMPFS_SIZE}"
+ if [ -n "$tmpfs_opt" ]
+ then
+ tmpfs_opt="${tmpfs_opt},size=${TMPFS_SIZE}"
+ else
+ tmpfs_opt="-osize=${TMPFS_SIZE}"
+ fi
fi
domount tmpfs shmfs /dev/shm $tmpfs_opt
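Review bot: the inner test `if [ -n "$tmpfs_opt" ]` inside the TMPFS_SIZE branch is always true, because `tmpfs_opt="-omode=0755"` is assigned unconditionally just above it, so the `else` arm that sets `-osize=${TMPFS_SIZE}` can never run; drop the inner test and append `,size=${TMPFS_SIZE}` directly. Separately, the hard-coded mode=0755 removes both world-write and the sticky bit from a mount point that the report's own listing shows as drwxrwxrwt, so any non-root process that creates files under /dev/shm would start failing. If a restricted mode is wanted at all, it should be read from /etc/default/tmpfs the way TMPFS_SIZE is, default to the current behaviour, and carry a comment explaining the trade-off.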
--- End Message ---
--- Begin Message ---
Version: 2.88dsf-13.3
On Sat, Sep 03, 2005 at 06:17:50PM +0200, Petter Reinholdtsen wrote:
>
> [Vagrant Cascadian]
> > is it a security risk to allow any and all users permission to write
> > to /dev/shm?
>
> Perhaps, but I believe it is required for shm_open() to work for
> non-privileged users. And POSIX shared memory operations should work
> for all users, not only for root.
Yes. WRT the original concerns, initscripts now permits
configuration of the size limits for all the tmpfs mounts, including
/dev/shm (/run/shm), and the defaults are tighter than the tmpfs
kernel defaults, though /run/shm does default to 50%. And hopefully
in the next few months these will be exposed directly as fstab
entries rather than in /etc/default/tmpfs.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
--- End Message ---
_______________________________________________
Pkg-sysvinit-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-sysvinit-devel
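
An added example, not part of the original thread or of initscripts: a shell function that checks the two properties discussed in the messages above, namely whether the shared-memory mount point keeps a mode that lets unprivileged shm_open() work safely, and whether a size limit is set on the tmpfs. The function name audit_shm and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# audit_shm MODE OPTS
#   MODE  octal mode of the mount point, e.g. from: stat -c %a /dev/shm
#   OPTS  option field (4th column) of its /proc/mounts line
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
audit_shm() {
    mode=$1; opts=$2; rc=0

    # Pad to four digits so the special-bits digit is always present.
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done
    special=${mode%???}   # first digit: setuid / setgid / sticky
    other=${mode#???}     # last digit: permissions for "other"

    if [ $(( $other & 2 )) -eq 0 ]; then
        # Root-only writable (e.g. 0755): non-root users cannot create
        # the backing file, which is the objection raised in the reply.
        echo "mode: not world-writable; shm_open() fails for unprivileged users"
        rc=1
    elif [ $(( $special & 1 )) -eq 0 ]; then
        # World-writable but no sticky bit (e.g. 0777).
        echo "mode: world-writable without sticky bit; users can remove each other's objects"
        rc=1
    fi

    # A size= option is what bounds how much memory users can fill.
    case ",$opts," in
        *,size=*) ;;
        *) echo "size: no size= option; tmpfs kernel default limit applies"
           rc=1 ;;
    esac
    return $rc
}

# Constructed sample inputs (not taken from a real system):
audit_shm 1777 "rw,nosuid,nodev,size=1048576k" || true   # no findings
audit_shm 755  "rw,mode=755"                   || true   # two findings

# On a live system (assumes GNU stat and a mount at /dev/shm):
#   audit_shm "$(stat -c %a /dev/shm)" \
#             "$(awk '$2 == "/dev/shm" { print $4 }' /proc/mounts)"
```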