[arch-projects] [initscripts] /run is writable by users
teg at jklm.no
Sun May 8 11:52:35 EDT 2011
On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <d at falconindy.com> wrote:
> On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote:
>> Looks like /run is writable by every user but also limited to 10MB.
>> This way you can run a dos attack on the system by filling this fs; even
>> by accident. Do we really need write access by every user?
This is not intentional. /run itself should be writable only by root:
/bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev
However, this needs to be changed in mkinitcpio, which now sets
"mode=1777". The attached patch should do it.
The problem is what to do with /run/lock (not yet released, but same
problem applies to /var/lock), where we will have the same problem. At
the moment /var/lock is 1777 which allows people to fill it up
(regardless of any limits or if it is tmpfs or not, I think). This is
only needed by some legacy apps, and the solution others have used is
to introduce the "lock" group for these apps and let them use the
folder /var/lock/lockdev which is root:lock 775, while /var/lock (or
/run/lock) is root:root and 755.
Do you think this is something we could conceivably do? Does anyone have
any idea of how many packages/how much work would be involved?
> Yeah, this was discussed on systemd-devel:
> The short version is: there was no solution proposed that seems
> applicable to us.
This discussion was about /run/user (if I understood correctly) which
we do not implement (unless I missed it...).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 880 bytes
Desc: not available
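As an added illustration of the point raised in this message (not code from the thread, initscripts or mkinitcpio), the POSIX sh functions below inspect a tmpfs mount-option string of the kind passed to `mount -o`, report whether its `mode=` value leaves the filesystem writable by every user, and rewrite it to the `mode=755,...,nosuid,noexec,nodev` form shown above. The assumption that a missing `mode=` means 1777 follows the kernel's documented tmpfs default; the function names are my own.

```shell
#!/bin/sh
# Added example: audit and harden tmpfs mount options for /run.
# Not part of the original mail, initscripts or mkinitcpio.

# Print the value of "key=value" inside a comma-separated option string,
# or nothing when the key is absent.
opt_value() {
    oldifs=$IFS; IFS=','
    for opt in $1; do
        case $opt in
            "$2"=*) IFS=$oldifs; printf '%s\n' "${opt#"$2"=}"; return 0 ;;
        esac
    done
    IFS=$oldifs
    return 1
}

# Exit status 0 when the mode= option (default 1777 when omitted, which is
# the documented tmpfs default) grants write access to "other".
tmpfs_world_writable() {
    mode=$(opt_value "$1" mode) || mode=1777
    last=${mode#"${mode%?}"}          # final octal digit = permissions for "other"
    case $last in
        2|3|6|7) return 0 ;;          # write bit (2) set for everyone
        *)       return 1 ;;
    esac
}

# Rewrite the option string: force mode=755 (root-only write, as the mail
# proposes for /run) and make sure nosuid,noexec,nodev are present.
harden_tmpfs_opts() {
    out=""; have_mode=0; have_nosuid=0; have_noexec=0; have_nodev=0
    oldifs=$IFS; IFS=','
    for opt in $1; do
        case $opt in
            mode=*) opt="mode=755"; have_mode=1 ;;
            nosuid) have_nosuid=1 ;;
            noexec) have_noexec=1 ;;
            nodev)  have_nodev=1 ;;
        esac
        out="${out:+$out,}$opt"
    done
    IFS=$oldifs
    [ $have_mode   -eq 1 ] || out="${out:+$out,}mode=755"
    [ $have_nosuid -eq 1 ] || out="$out,nosuid"
    [ $have_noexec -eq 1 ] || out="$out,noexec"
    [ $have_nodev  -eq 1 ] || out="$out,nodev"
    printf '%s\n' "$out"
}

# Constructed sample: the option string mkinitcpio was described as using.
sample="mode=1777,size=10M"
if tmpfs_world_writable "$sample"; then
    echo "world-writable: $sample"
    echo "hardened:       $(harden_tmpfs_opts "$sample")"
fi
```

Note that `size=10M` is deliberately left in place: the quota limits how much can be written, but only `mode=755` stops unprivileged users from filling the filesystem in the first place.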