8 May 2011, 4:40 p.m.
On 08.05.2011 17:52, Tom Gundersen wrote:
On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <d@falconindy.com> wrote:
On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote:
Looks like /run is writable by every user but also limited to 10MB. This way you can run a DoS attack on the system by filling this fs; even by accident. Do we really need write access by every user?
This is not intentional. /run itself should be writable only by root:
rc.sysinit: /bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev
However, this needs to be changed in mkinitcpio, which now sets "mode=1777". The attached patch should do it.
I asked around when I added the patch, and Dave specifically told me to give it the 777 mode.
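
A check for the condition discussed in this thread, as an added example that is not part of the original messages or of mkinitcpio/initscripts: it reads lines in /proc/mounts format and reports tmpfs mounts whose mode lets any user write to them. The function name `audit_tmpfs` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tmpfs mounts that every user can write to (and so fill).
# Input: lines in /proc/mounts format on stdin.
#
# Note: the kernel's tmpfs omits "mode=" from /proc/mounts when the mode is
# the default 1777, so a tmpfs line without mode= is world-writable.

audit_tmpfs() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = tmpfs ] || continue
        mode=1777          # default when no mode= option is listed
        size=unlimited     # no size= option listed
        old_ifs=$IFS
        IFS=,
        for opt in $opts; do
            case $opt in
                mode=*) mode=${opt#mode=} ;;
                size=*) size=${opt#size=} ;;
            esac
        done
        IFS=$old_ifs
        # The last octal digit holds the "others" bits; 2, 3, 6, 7 include write.
        last=${mode#"${mode%?}"}
        case $last in
            2|3|6|7)
                printf 'WORLD-WRITABLE %s mode=%s size=%s\n' "$mnt" "$mode" "$size"
                ;;
        esac
    done
}

# Constructed sample: /run as mounted with mode=1777 and a 10M limit
# (the mode is not listed because it equals the tmpfs default).
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k 0 0'

# Constructed sample: /run as the rc.sysinit line in the thread mounts it.
SAMPLE_FIXED='tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_tmpfs
printf '%s\n' "$SAMPLE_FIXED" | audit_tmpfs
```

On a live system the same function can be fed the real table with `audit_tmpfs < /proc/mounts`.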