Hi, thanks to all for your fast feedback. I'll kick off an internal discussion based on the facts you delivered to find out if our people actually want what they want ;)
Best regards

Marko Hoyer
Software Group II (ADITG/SW2)

Tel. +49 5121 49 6948

-----Original Message-----
From: systemd-devel [mailto:systemd-devel-boun...@lists.freedesktop.org] On Behalf Of Reindl Harald
Sent: Wednesday, 1 February 2017 11:55
To: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?

On 01.02.2017 at 11:02, Hoyer, Marko (ADITG/SW2) wrote:
> a tiny question:
>
> - Is there any reason why the mount points /run and /dev/shm do not
>   have MS_NOEXEC flags set?
>
> We like to remove execution capabilities from all volatile areas that
> are writeable to users for security reasons

it's all not that easy - see https://bugzilla.redhat.com/show_bug.cgi?id=1398474 and https://bugs.exim.org/show_bug.cgi?id=1749 and I am pretty sure other pieces would break in case of noexec SHM (yes I know that these bug reports are not about SHM, they are just an example)

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
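Added example, not part of the original thread: a read-only audit that lists writable tmpfs, ramfs and devtmpfs mounts lacking `noexec`, reading the `/proc/self/mounts` format. The sample mount table and the function names `sample_mounts` and `audit_noexec` are constructed for illustration.

```shell
#!/bin/sh
# Report volatile, writable mounts that do not carry the noexec option.
# Input format is that of /proc/self/mounts:
#   device mountpoint fstype options dump pass
# Nothing is remounted; the script only reads and reports.

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
cat <<'EOF'
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# audit_noexec: read mounts-format lines on stdin and print the mount
# point of every memory-backed filesystem that is rw and lacks noexec.
# Options are compared as whole comma-separated tokens, so "noexec"
# is never matched inside another option string.
audit_noexec() {
  awk '
    $3 == "tmpfs" || $3 == "ramfs" || $3 == "devtmpfs" {
      n = split($4, opt, ",")
      rw = 0; noexec = 0
      for (i = 1; i <= n; i++) {
        if (opt[i] == "rw")     rw = 1
        if (opt[i] == "noexec") noexec = 1
      }
      if (rw && !noexec) print $2
    }'
}

# Run against the constructed sample. On a live system use:
#   audit_noexec < /proc/self/mounts
sample_mounts | audit_noexec
```

Each mount point the audit reports is a candidate for review, not an automatic `noexec` remount, since the reply above points out that software can break when the flag is set.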