[arch-projects] [initscripts] /run is writable by users
Thomas Bächler
thomas at archlinux.org
Sun May 8 12:40:32 EDT 2011
Am 08.05.2011 17:52, schrieb Tom Gundersen:
> On Sun, May 8, 2011 at 4:58 PM, Dave Reisner <d at falconindy.com> wrote:
>> On Sun, May 08, 2011 at 04:50:32PM +0200, Pierre Schmitz wrote:
>>> Looks like /run is writable by every user but also limited to 10MB.
>>> This way you can run a dos attack on the system by filling this fs; even
>>> by accident. Do we really need write access by every user?
>
> This is not intentional. /run itself should be writable only by root:
>
> rc.sysinit:
> /bin/mount -n -t tmpfs tmpfs /run -o mode=755,size=10M,nosuid,noexec,nodev
>
> However, this needs to be changed in mkinitcpio, which now sets
> "mode=1777". The attached patch should do it.
I asked around when I added the patch, and Dave specifically told me to
give it the 777 mode.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20110508/5e4d7b76/attachment.asc>
More information about the arch-projects
mailing list