Thx for the ideas. I'll bring them up in an internal discussion as well.

Best regards

Marko Hoyer
Software Group II (ADITG/SW2)

Tel. +49 5121 49 6948

-----Original Message-----
From: systemd-devel [mailto:[email protected]] On Behalf Of Topi Miettinen
Sent: Wednesday, 1 February 2017 18:11
To: [email protected]
Subject: Re: [systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?

On 02/01/17 13:13, Hoyer, Marko (ADITG/SW2) wrote:
> Hi,
> 
> thanks to all for your fast feedback. I'll kick off an internal 
> discussion based on the facts you delivered to find out if our people 
> actually want what they want ;)

Filesystem W^X is a nice idea, but considering scripting or other (even
unintentional) Turing complete interpreters in a system, it's not very strong 
protection. See also https://lwn.net/Articles/708196/

In my setup I have mounted /run with noexec, but /run/user/* still exec.
Then for each service you can enable systemd directive ProtectHome=true which 
makes /run/user inaccessible.

Likewise for /dev/shm, you can check if it is needed by each service at all and 
make it completely inaccessible if so, rather than making it globally noexec.

-Topi
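As an added example (not part of this thread), a POSIX shell audit of the mount layout Topi describes, run against a constructed /proc/self/mountinfo excerpt, together with the per-service drop-in for the ProtectHome= and inaccessible-/dev/shm part of his advice. The mountinfo lines and the uid 1000 runtime path are constructed assumptions; InaccessiblePaths= is the systemd.exec directive that hides a path from the unit.

```shell
#!/bin/sh
# Constructed /proc/self/mountinfo excerpt (not captured from a real host),
# mirroring the setup in the mail: /run noexec, /run/user/1000 still exec,
# /dev/shm exec. Field 5 is the mount point, field 6 the per-mount options.
SAMPLE_MOUNTINFO='22 1 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,size=4k
23 22 0:20 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw
24 1 0:21 / /run rw,nosuid,nodev,noexec shared:4 - tmpfs tmpfs rw,mode=755
25 24 0:22 / /run/user/1000 rw,nosuid,nodev,relatime shared:5 - tmpfs tmpfs rw,size=1m'

# mount_opts MOUNTINFO MOUNTPOINT: print the per-mount option list of MOUNTPOINT
# (empty if it is not a mount point of its own).
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$5 == mp { print $6; exit }'
}

# has_opt MOUNTINFO MOUNTPOINT OPT: succeed iff OPT is set on that mount.
# Options are compared as whole comma-separated tokens, so "exec" does not
# match "noexec".
has_opt() {
    case ",$(mount_opts "$1" "$2")," in
        *",$3,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# exec_mounts MOUNTINFO: list the tmpfs locations from the thread that are
# still executable, i.e. lack noexec (or are not separate mounts at all).
exec_mounts() {
    for mp in /run /run/user/1000 /dev/shm; do
        has_opt "$1" "$mp" noexec || printf '%s\n' "$mp"
    done
}

# hardening_dropin: per-service override for units that need neither
# /run/user nor /dev/shm, instead of a global noexec on /dev/shm.
hardening_dropin() {
    cat <<'EOF'
[Service]
ProtectHome=true
InaccessiblePaths=/dev/shm
EOF
}

exec_mounts "$SAMPLE_MOUNTINFO"
```

On a live system, feed `$(cat /proc/self/mountinfo)` instead of the sample and drop the output of hardening_dropin into /etc/systemd/system/NAME.service.d/hardening.conf for each service that qualifies.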

_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel