[arch-dev-public] [arch-general] [initscripts] Please revert last commit 757f653
Jan de Groot
jan at jgc.homeip.net
Mon Aug 24 03:29:49 EDT 2009
On Mon, 2009-08-24 at 09:20 +0200, Thomas Bächler wrote:
> Jan de Groot wrote:
> > Some applications like the ones mentioned in the original post will mmap
> > files in /dev/ with the PROT_EXEC flag. When the filesystem is mounted
> > as noexec, these mmap operations will fail. Even if the program doesn't
> > execute anything used in the mmap operation, the whole mmap operation
> > will just fail when this flag is set on a noexec filesystem.
> How stupid. Can I at least put nosuid there? And put nosuid to /dev/shm
> as well?
I think that might be good. I don't see a reason to store suid stuff
in /tmp, /dev and /dev/shm. Out of these, /dev/shm and /tmp are the most
important ones that should be nosuid.
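
One way to check the mount options discussed in this thread, as an added example that is not part of the original e-mail or of initscripts. The function names, output labels and sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the mount options discussed above.
# Input is in /proc/mounts format: device mountpoint fstype options dump pass

# Constructed sample table, not taken from a real system.
sample_mounts() {
    cat <<'EOF'
udev /dev tmpfs rw,noexec,relatime,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
EOF
}

# audit_mounts [FILE]: reads FILE (e.g. /proc/mounts) or stdin when omitted.
audit_mounts() {
    awk '
    BEGIN { want["/dev"] = 1; want["/dev/shm"] = 1; want["/tmp"] = 1 }
    # A later line for the same path is the mount stacked on top, so it wins.
    ($2 in want) { opts[$2] = $4 }
    END {
        n = split("/dev /dev/shm /tmp", order, " ")
        for (i = 1; i <= n; i++) {
            mp = order[i]
            if (!(mp in opts)) { print "SKIP " mp " not-a-separate-mount"; continue }
            o = "," opts[mp] ","          # wrap so each option matches whole
            if (index(o, ",nosuid,")) print "OK " mp " nosuid"
            else print "WARN " mp " missing-nosuid"
            # Per the thread: PROT_EXEC mmaps of files in /dev fail under noexec.
            if (mp == "/dev" && index(o, ",noexec,"))
                print "WARN /dev noexec-breaks-PROT_EXEC-mmap"
        }
    }' "$@"
}

sample_mounts | audit_mounts
```

Calling `audit_mounts /proc/mounts` runs the same check against the live mount table.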