Package: initscripts
Version: 2.86.ds1-16

Hello,

could you please consider removal of the noexec flag from the /dev/shm mount...

Mounting it noexec breaks bind-mounts to /tmp on Debian systems because dpkg runs files from /tmp (for preconfiguration). Bind-mounting /dev/shm to /tmp instead of creating a new tmpfs for /tmp is far safer regarding memory-DoS attacks. That's why I think this is not that uncommon.

Btw... mounting /dev/shm noexec doesn't really improve system security since it's just one of many temp-locations where users have write-access (and exec-permission) to (besides /tmp, /var/tmp, /var/lock, etc.) - and yet the least persistent one :)

Here are my fstab entries for virtual filesystems which have worked quite well for months now, just in case it helps you (you don't yet restrict /dev/pts for example)...

    sysfs     /sys           sysfs   nosuid,nodev,noexec  0 0
    proc      /proc          proc    nosuid,nodev,noexec  0 0
    usbfs     /proc/bus/usb  usbfs   nosuid,nodev,noexec  0 0
    devpts    /dev/pts       devpts  nosuid,noexec        0 0
    tmpfs     /dev/shm       tmpfs   nosuid,nodev         0 0
    ...
    /dev/shm  /tmp           none    bind                 0 0

Thanks for your work & regards
Mario

-- 
I heard, if you play a NT-CD backwards, you get satanic messages...
That's nothing. If you play it forwards, it installs NT.
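An added example, not part of the original report: a small Python audit that reads fstab text and reports which of the temp locations named in the report still permit execution, following a bind entry to its source. The sample fstab is constructed from the report's entries; the root filesystem line, the function names, and the rule that a plain bind entry takes its flags from the source mount are assumptions.

```python
# Constructed sample: the report's fstab entries plus an assumed root line.
FSTAB = """\
/dev/hda1 / ext3 defaults 0 1
sysfs /sys sysfs nosuid,nodev,noexec 0 0
proc /proc proc nosuid,nodev,noexec 0 0
usbfs /proc/bus/usb usbfs nosuid,nodev,noexec 0 0
devpts /dev/pts devpts nosuid,noexec 0 0
tmpfs /dev/shm tmpfs nosuid,nodev 0 0
/dev/shm /tmp none bind 0 0
"""
# World-writable locations named in the report.
TEMP_DIRS = ["/dev/shm", "/tmp", "/var/tmp", "/var/lock"]

def parse_fstab(text):
    """Map mount point -> (source, set of options), ignoring comments."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            mounts[fields[1].rstrip("/") or "/"] = (fields[0], set(fields[3].split(",")))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    hits = [m for m in mounts if m == "/" or path == m or path.startswith(m + "/")]
    return max(hits, key=len) if hits else None

def effective_options(path, mounts, depth=0):
    """Options governing path; follows bind entries to their source."""
    mnt = covering_mount(path, mounts)
    if mnt is None:
        return set()
    source, opts = mounts[mnt]
    if "bind" in opts and depth < 8:  # depth guard against bind loops
        # Assumption: a plain bind entry takes its flags from the source mount.
        rest = path if mnt == "/" else path[len(mnt):]
        return effective_options(source.rstrip("/") + rest, mounts, depth + 1)
    return opts

def audit(text, dirs=TEMP_DIRS):
    """Return {dir: True if execution is permitted there}."""
    mounts = parse_fstab(text)
    return {d: "noexec" not in effective_options(d, mounts) for d in dirs}

if __name__ == "__main__":
    for d, can_exec in audit(FSTAB).items():
        print(f"{d:10} {'exec allowed' if can_exec else 'noexec'}")
```

Adding noexec to the /dev/shm line flips both /dev/shm and the bind-mounted /tmp to noexec, which is the dpkg breakage described, while /var/tmp and /var/lock stay executable.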

