On 31/01/17, Oliver Graute wrote:
> Hello list,
>
> some further background:
>
> In my system there are different services started by systemd 225 (all
> with UMask=027). Sometimes files are created with 666 sometimes with
> 640 as I wish.
>
> ls -la
> -rw-r-1 oliver oliver
On 02/01/17 13:13, Hoyer, Marko (ADITG/SW2) wrote:
> Hi,
>
> thanks to all for your fast feedback. I'll kick off an internal discussion
> based on the facts you delivered to find out if our people actually want what
> they want ;)
Filesystem W^X is a nice idea, but considering scripting or othe
Hi,
thanks to all for your fast feedback. I'll kick off an internal discussion
based on the facts you delivered to find out if our people actually want what
they want ;)
Best regards
Marko Hoyer
Software Group II (ADITG/SW2)
Tel. +49 5121 49 6948
-Original Message-
From: systemd-devel
Am 01.02.2017 um 11:02 schrieb Hoyer, Marko (ADITG/SW2):
a tiny question:
- Is there any reason why the mount points /run and /dev/shm do not have
MS_NOEXEC flags set?
We like to remove execution capabilities from all volatile areas that
are writeable to users for security reasons
it's all
On Wed, 01.02.17 11:19, Michael Biebl ([email protected]) wrote:
> 2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) :
> > - Is there any reason why the mount points /run and /dev/shm do not have
> > MS_NOEXEC flags set?
>
> /run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterfac
Hello,
a tiny question:
- Is there any reason why the mount points /run and /dev/shm do not have
MS_NOEXEC flags set?
We like to remove execution capabilities from all volatile areas that are
writeable to users for security reasons.
Best regards
Marko Hoyer
2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) :
> - Is there any reason why the mount points /run and /dev/shm do not have
> MS_NOEXEC flags set?
/run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
the initrd can place executables in /run so it can cleanly
disassemble