[arch-projects] [initscripts] /run is writable by users

[Tom Gundersen]

On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <d at falconindy.com> wrote:
> On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote:
>> Looks like /run is writable by every user but also limited to 10MB.
>> This way you can run a dos attack on the system by filling this fs; even
>> by accident. Do we really need write access by every user?

This is not intentional. /run itself should be writable only by root:

rc.sysinit:
/bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev

However, this needs to be changed in mkinitcpio, which now sets
"mode=1777". The attached patch should do it.

The problem is what to do with /run/lock (not yet released, but same
problem applies to /var/lock), where we will have the same problem. At
the moment /var/lock is 1777 which allows people to fill it up
(regardless of any limits or if it is tmpfs or not, I think). This is
only needed by some legacy apps, and the solution others have used is
to introduce the "lock" group for these apps and let them use the
folder /var/lock/lockdev which is root:lock 775, while /var/lock (or
/run/lock) is root:root and 755.

Do you think this is something we could conceivably do? Anyone has any
idea of how many packages/how much work would be involved?

> Yeah, this was discussed on systemd-devel:
>
> http://lists.freedesktop.org/archives/systemd-devel/2011-April/001839.html
>
> The short version is: there was no solution proposed that seems
> applicable to us.

This discussion was about /run/user (if I understood correctly) which
we do not implement (unless I missed it...).

-t
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-run-restrict-write-access-to-root.patch
Type: text/x-patch
Size: 880 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20110508/e451b055/attachment.bin>