twoch, 1. Februar 2017 18:11
To: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] Any reason why /run and /dev/shm do not have
MS_NOEXEC flags set?
On 02/01/17 13:13, Hoyer, Marko (ADITG/SW2) wrote:
> Hi,
>
> thanks to all for your fast feedback. I'll kick off an internal discussion
> based on the facts you delivered to find out if our people actually want what
> they want ;)
Filesystem W^X is a nice idea, but considering scripting or othe
stemd-devel [mailto:systemd-devel-boun...@lists.freedesktop.org] On
Behalf Of Reindl Harald
Sent: Wednesday, 1 February 2017 11:55
To: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] Any reason why /run and /dev/shm do not have
MS_NOEXEC flags set?
On 01.02.2017 at 11:02, Hoyer, Marko (ADITG/SW2) wrote:
a tiny question:
- Is there any reason why the mount points /run and /dev/shm do not have
MS_NOEXEC flags set?
We like to remove execution capabilities from all volatile areas that
are writeable to users for security reasons
it's all
On Wed, 01.02.17 11:19, Michael Biebl (mbi...@gmail.com) wrote:
> 2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2):
> > - Is there any reason why the mount points /run and /dev/shm do not have
> > MS_NOEXEC flags set?
>
> /run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterfac
Hello,
a tiny question:
- Is there any reason why the mount points /run and /dev/shm do not have
MS_NOEXEC flags set?
We like to remove execution capabilities from all volatile areas that are
writeable to users for security reasons.
Best regards
Marko Hoyer
2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2):
> - Is there any reason why the mount points /run and /dev/shm do not have
> MS_NOEXEC flags set?
/run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
the initrd can place executables in /run so it can cleanly
disassemble