Hi,

thanks to all for your fast feedback. I'll kick off an internal discussion 
based on the facts you delivered to find out if our people actually want what 
they want ;)

Best regards

Marko Hoyer
Software Group II (ADITG/SW2)

Tel. +49 5121 49 6948
-----Original Message-----
From: systemd-devel [mailto:systemd-devel-boun...@lists.freedesktop.org] On 
Behalf Of Reindl Harald
Sent: Wednesday, 1 February 2017 11:55
To: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] Any reason why /run and /dev/shm do not have 
MS_NOEXEC flags set?



On 01.02.2017 at 11:02, Hoyer, Marko (ADITG/SW2) wrote:
> a tiny question:
>
> - Is there any reason why the mount points /run and /dev/shm do not 
> have MS_NOEXEC flags set?
>
> We like to remove execution capabilities from all volatile areas that 
> are writeable to users for security reasons

it's all not that easy - see
https://bugzilla.redhat.com/show_bug.cgi?id=1398474 and
https://bugs.exim.org/show_bug.cgi?id=1749 and I am pretty sure other pieces 
would break in case of noexec SHM (yes, I know that these bug reports are not 
about SHM, they are just an example)


_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
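
Added example, not part of the thread or of systemd: a small audit that parses `/proc/self/mounts` and lists writable tmpfs/ramfs mounts lacking `noexec`, which is the inventory needed before deciding whether `/run` or `/dev/shm` can be remounted without breaking software. The sample mount table is constructed, the function names are hypothetical, and the check looks only at mount options (whether unprivileged users can write depends on directory permissions, which it does not inspect).

```python
# Added example: list volatile, writable mounts that lack the noexec option.
import re

# Assumption: "volatile" here means RAM-backed tmpfs/ramfs mounts.
VOLATILE_FS = {"tmpfs", "ramfs"}

# Constructed sample in /proc/self/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=1024k,mode=700,uid=1000 0 0
tmpfs /mnt/scratch\\040area tmpfs ro,nosuid,nodev 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

def unescape(field):
    """Decode the 3-digit octal escapes the kernel uses for spaces, tabs, etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Yield (mountpoint, fstype, set_of_options) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or truncated lines
        yield unescape(parts[1]), parts[2], set(parts[3].split(","))

def missing_noexec(text, fstypes=VOLATILE_FS):
    """Return sorted mount points that are volatile, mounted rw and lack noexec."""
    return sorted(
        mp for mp, fstype, opts in parse_mounts(text)
        if fstype in fstypes and "rw" in opts and "noexec" not in opts
    )

if __name__ == "__main__":
    try:
        with open("/proc/self/mounts") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_MOUNTS  # fall back to the constructed sample
    for mountpoint in missing_noexec(table):
        print("no noexec:", mountpoint)
```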