On Sat, Dec 15, 2012 at 01:18:13AM +0100, Michael Biebl wrote:
> severity 635131 important
> thanks
>
> On 22.07.2011 23:27, Roger Leigh wrote:
>
> > /run/user is created by systemd. This contains within it directories
> > owned by logged in users e.g. /run/user/rleigh in my case, and the
> > environment variable XDG_RUNTIME_DIR is set to this location.
> >
> > There are a few problems with this:
> >
> > 1) Any user can now trivially DoS the system by filling up /run.
>
> I think that is a valid problem and a possible solution would be to use
> a separate tmpfs for /run/user as long as we don't have quota support
> for tmpfs.
>
> mountall (upstart) goes this route and uses
> none /run/user tmpfs nodev,noexec,nosuid,size=104857600,mode=0755 0 0
> in /lib/init/fstab.
>
> The only tricky part here is the size.
> We can either:
> a/ hard code it and ship a run-user.mount unit in /lib/systemd/system
> b/ generate it dynamically upon installation and store the mount unit in
> /etc/systemd/system
>
> If a/, the question is which size we choose, if b/ which percentage of
> the available RAM we use.

As discussed on IRC last week, I still fail to see a valid reason for
using the /run tmpfs for user data. While using yet another tmpfs
mount somewhat mitigates the DoS issue, it doesn't address the question
of why it really needs to be here in the first place.

I would still prefer option

c/ Use tmpfs

Steve, I don't know if you've seen this bug previously, but it would be
useful to have your input from the upstart POV.

While the tmpfs issue is important, for me I think that point (2) in my
original mail has rather wider-reaching implications regarding session
management. I do not wish to cripple the basic session management we
have e.g. with PAM by inheriting the restrictions of GNOME session
management system wide. It's fundamentally broken, and I really object
to having this pushed onto the base system by systemd. Debian is not
just for desktop environments.

Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
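
Added example, not part of the mail thread and not code from mountall or systemd: option b/ from the quoted message as a shell script that derives the `size=` cap for a dedicated `/run/user` tmpfs from a percentage of RAM and prints a `run-user.mount` unit. The 5% figure, the function names, the `[Install]` target and the sample meminfo data are assumptions; the remaining mount options are those of the mountall fstab line quoted above.

```shell
#!/bin/sh
# Constructed sample in /proc/meminfo format (a 2000 MiB machine) so the
# example runs offline; pass /proc/meminfo itself on a real system.
sample_meminfo() {
    cat <<'EOF'
MemTotal:        2048000 kB
MemFree:          512000 kB
SwapTotal:       1048576 kB
EOF
}

# mem_total_kb FILE: print MemTotal (kB); fail if the field is absent.
mem_total_kb() {
    awk '$1 == "MemTotal:" && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
         END { if (!found) exit 1 }' "$1"
}

# run_user_size_bytes PERCENT FILE: PERCENT of MemTotal, in bytes.
# Rejects anything that is not an integer from 1 to 100 (assumed policy).
run_user_size_bytes() {
    case "$1" in ''|*[!0-9]*|????*) return 2 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 100 ] || return 2
    kb=$(mem_total_kb "$2") || return 1
    echo $(( $kb * 1024 * $1 / 100 ))
}

# render_unit BYTES: print the mount unit on stdout (nothing is installed).
render_unit() {
    cat <<EOF
[Unit]
Description=Size-capped tmpfs for per-user runtime directories

[Mount]
What=tmpfs
Where=/run/user
Type=tmpfs
Options=nodev,noexec,nosuid,size=$1,mode=0755

[Install]
WantedBy=local-fs.target
EOF
}

# Demo: 5% of the constructed 2000 MiB sample is 104857600 bytes.
tmp=$(mktemp) && sample_meminfo > "$tmp" &&
    render_unit "$(run_user_size_bytes 5 "$tmp")"
rm -f "$tmp"
```

Because the cap applies to the whole `/run/user` mount, it keeps user data from filling `/run` but does not stop one user from exhausting the space shared with other users.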