On 01.02.2017 at 11:02, Hoyer, Marko (ADITG/SW2) wrote:
> a tiny question:
> - Is there any reason why the mount points /run and /dev/shm do not have MS_NOEXEC flags set? We like to remove execution capabilities from all volatile areas that are writeable to users for security reasons

it's all not that easy - see https://bugzilla.redhat.com/show_bug.cgi?id=1398474 and https://bugs.exim.org/show_bug.cgi?id=1749 and I am pretty sure other pieces would break in case of noexec SHM (yes, I know that these bug reports are not about SHM, they are just an example)
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel