On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <d@falconindy.com> wrote:
On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote:
Looks like /run is writable by every user but also limited to 10MB. This way you can run a DoS attack on the system by filling this fs, even by accident. Do we really need write access by every user?
This is not intentional. /run itself should be writable only by root. rc.sysinit:

/bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev

However, this needs to be changed in mkinitcpio, which now sets "mode=1777". The attached patch should do it.

The problem is what to do with /run/lock (not yet released, but the same problem applies to /var/lock), where we will have the same problem. At the moment /var/lock is 1777, which allows people to fill it up (regardless of any limits, or of whether it is tmpfs or not, I think). This is only needed by some legacy apps, and the solution others have used is to introduce the "lock" group for these apps and let them use the folder /var/lock/lockdev, which is root:lock 775, while /var/lock (or /run/lock) is root:root and 755.

Do you think this is something we could conceivably do? Does anyone have any idea of how many packages/how much work would be involved?
Yeah, this was discussed on systemd-devel:
http://lists.freedesktop.org/archives/systemd-devel/2011-April/001839.html
The short version is: there was no solution proposed that seems applicable to us.
This discussion was about /run/user (if I understood correctly) which we do not implement (unless I missed it...). -t
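An added example, not part of the thread and not code from the initscripts or mkinitcpio it discusses: a small POSIX sh audit of the condition Pierre reports (a tmpfs whose top-level directory is world-writable, with or without a size cap), run over a constructed /proc/mounts sample, followed by the root:root 755 /run and root:lock 775 lockdev layout proposed in the reply above. It assumes that tmpfs omits `mode=` from its /proc/mounts options when left at the default 1777, and that a `lock` group exists; `remount_run_hardened` needs root and is not called by the audit. The function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the thread or the initscripts it discusses): audit
# tmpfs mounts for the "any user can fill it" condition and show the fix.
# Assumptions: /proc/mounts lines look like "dev mnt fstype opts freq passno",
# and tmpfs omits mode= from its options when left at the default 1777.

# Print the directory mode of a tmpfs from its mount option string.
tmpfs_mode() {
    mode=1777                  # tmpfs default when no mode= was given
    oldifs=$IFS
    IFS=,
    for opt in $1; do
        case $opt in
            mode=*) mode=${opt#mode=} ;;
        esac
    done
    IFS=$oldifs
    printf '%s\n' "$mode"
}

# Return 0 when the tmpfs root directory has the other-write bit set
# (last octal digit 2, 3, 6 or 7), i.e. any user can create entries in it.
tmpfs_world_writable() {
    case $(tmpfs_mode "$1") in
        *[2367]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Return 0 when the options include a size= cap.
size_limited() {
    case ",$1," in
        *,size=*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Audit one /proc/mounts line.  Returns 0 (safe), 1 (world-writable tmpfs)
# or 2 (not a tmpfs, skipped).
audit_mount_line() {
    set -- $1                  # word-split the line into its six fields
    [ "$3" = tmpfs ] || return 2
    mnt=$2
    opts=$4
    mode=$(tmpfs_mode "$opts")
    if tmpfs_world_writable "$opts"; then
        if size_limited "$opts"; then
            printf 'WARN %s (mode %s): any user can fill it up to its size cap (DoS, even by accident)\n' "$mnt" "$mode"
        else
            printf 'WARN %s (mode %s): no size cap, so any user can exhaust memory\n' "$mnt" "$mode"
        fi
        return 1
    fi
    printf 'ok   %s (mode %s): only root can create entries at the top level\n' "$mnt" "$mode"
    return 0
}

# Audit every line on stdin (e.g. audit_mounts < /proc/mounts); the return
# value is the number of world-writable tmpfs mounts found.
audit_mounts() {
    bad=0
    while read -r line; do
        rc=0
        audit_mount_line "$line" || rc=$?
        if [ "$rc" -eq 1 ]; then bad=$((bad + 1)); fi
    done
    return "$bad"
}

# Constructed sample in /proc/mounts form: /run and /run/lock as a mode=1777
# mount leaves them (mode= omitted means the default 1777), /dev/shm without a
# size cap, and a non-tmpfs line that is skipped.
SAMPLE_MOUNTS='tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
}

# The layout proposed in the thread (needs root; not run here): a root-owned
# 755 /run with the same size cap, and a root:lock 775 lockdev directory for
# the legacy lock-file users.  The "lock" group is assumed to exist.
remount_run_hardened() {
    mount -o remount,mode=755,size=10M,nosuid,noexec,nodev /run
    install -d -m 755 -o root -g root /run/lock
    install -d -m 775 -o root -g lock /run/lock/lockdev
}

audit_sample || echo "world-writable tmpfs mounts found: $?"
```

On a live system, replace the sample with `audit_mounts < /proc/mounts`; the WARN lines are the mounts on which a size cap only bounds the damage (the fs fills up) rather than preventing it, and the fix is the mode, not the cap.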