On Wed, 01.02.17 11:19, Michael Biebl ([email protected]) wrote:

> 2017-02-01 11:02 GMT+01:00 Hoyer, Marko (ADITG/SW2) <[email protected]>:
> > - Is there any reason why the mount points /run and /dev/shm do not have
> > MS_NOEXEC flags set?
>
> /run → https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
>
> the initrd can place executables in /run so it can cleanly
> disassemble the / file system
>
> /dev/shm → the mount options have been like this for basically
> forever. I assume changing that has the potential to break existing
> software

Also, some software uses these locations to place memory mapped files with PROT_EXEC set, which setting MS_NOEXEC prohibits too.

Lennart

--
Lennart Poettering, Red Hat
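
The PROT_EXEC restriction described in this message can be observed from a program, shown here as an added example that is not part of the original thread. The function names `mount_is_noexec` and `exec_map_allowed` are hypothetical; the code assumes Linux with glibc and reports -1 for directories the caller cannot write to.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* 1 if the filesystem holding dir is mounted noexec, 0 if not, -1 on error. */
int mount_is_noexec(const char *dir)
{
    struct statvfs sv;
    if (statvfs(dir, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* Map a scratch file in dir with PROT_EXEC: 1 allowed, 0 EPERM (noexec), -1 other error. */
int exec_map_allowed(const char *dir)
{
    char path[PATH_MAX];
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int result = -1;
    if ((size_t)snprintf(path, sizeof path, "%s/noexec-probe-XXXXXX", dir) >= sizeof path)
        return -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                       /* scratch file lives only as long as fd */
    if (ftruncate(fd, (off_t)page) == 0) {
        void *p = mmap(NULL, page, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
        if (p != MAP_FAILED) {
            munmap(p, page);
            result = 1;
        } else if (errno == EPERM) {    /* the kernel's answer on a noexec mount */
            result = 0;
        }
    }
    close(fd);
    return result;
}

int main(void)
{
    const char *dirs[] = { "/run", "/dev/shm" };    /* the mounts from the thread */
    for (size_t i = 0; i < 2; i++)
        printf("%-8s noexec=%d exec_map_allowed=%d\n", dirs[i], mount_is_noexec(dirs[i]), exec_map_allowed(dirs[i]));
    return 0;
}
```

Running this before and after a trial remount with `noexec` shows whether software that maps executable pages from these directories would start failing.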
