On 31/01/17, Oliver Graute wrote:
> Hello list,
>
> some further background:
>
> In my system there are different services started by systemd 225 (all
> with UMask=027). Sometimes files are created with 666 sometimes with
> 640 as I wish.
>
> ls -la
> -rw-r-1 oliver oliver
On 02/01/17 13:13, Hoyer, Marko (ADITG/SW2) wrote:
> Hi,
>
> thanks to all for your fast feedback. I'll kick off an internal discussion
> based on the facts you delivered to find out if our people actually want what
> they want ;)
Filesystem W^X is a nice idea, but considering scripting or
Hi,
thanks to all for your fast feedback. I'll kick off an internal discussion
based on the facts you delivered to find out if our people actually want what
they want ;)
Best regards
Marko Hoyer
Software Group II (ADITG/SW2)
Tel. +49 5121 49 6948
-Original Message-
From:
On 01.02.2017 at 11:02, Hoyer, Marko (ADITG/SW2) wrote:
a tiny question:
- Is there any reason why the mount points /run and /dev/shm do not have
MS_NOEXEC flags set?
We like to remove execution capabilities from all volatile areas that
are writeable to users for security reasons
it's all
On Wed, 01.02.17 11:19, Michael Biebl (mbi...@gmail.com) wrote:
> 2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) :
> > - Is there any reason why the mount points /run and /dev/shm do not have
> > MS_NOEXEC flags set?
>
> /run →
Hello,
a tiny question:
- Is there any reason why the mount points /run and /dev/shm do not have
MS_NOEXEC flags set?
We like to remove execution capabilities from all volatile areas that are
writeable to users for security reasons.
Best regards
Marko Hoyer
2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) :
> - Is there any reason why the mount points /run and /dev/shm do not have
> MS_NOEXEC flags set?
/run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
the initrd can place executables in /run so it