tags 386368 + wontfix
thanks

[Mario 'BitKoenig' Holbe]
> could you please consider removal of the noexec flag from the /dev/shm
> mount... Mounting it noexec breaks bind-mounts to /tmp on Debian systems
> because dpkg runs files from /tmp (for preconfiguration).

This is not supposed to work. The /dev/shm file system is to be only used by the shm functions in glibc, as all other use would pollute the name space for shared memory segments. I discovered misuse of /dev/shm/ in checkroot.sh, and am currently trying to rewrite it to stay away from /dev/shm/.

> Bind-mounting /dev/shm to /tmp instead of creating a new tmpfs for /tmp
> is far more safe regarding memory-DoS attacks. That's why I think this
> is not that uncommon.

It might not be uncommon, but it has never been supported, is against the expressed purpose of /dev/shm/, and I will not add noexec back to support it.

> Here are my fstab entries for virtual filesystems which work quite well
> for months now, just in case it helps you (you don't yet restrict
> /dev/pts for example)...

Yes, I am aware of the /dev/pts/ issue, but I have not tested the effect of restricting it, so I have left it behind. I take it from your report that you have verified that it is ok to mount /dev/pts/ nosuid,noexec? If that is the case, I will add those flags to the default boot.

Friendly,
--
Petter Reinholdtsen
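The following is an added example, not part of the original message or of Debian's init scripts: a small audit of `/proc/self/mountinfo` that reports whether /dev/shm and /dev/pts carry the flags discussed in this thread, and whether any other mount point (such as /tmp) is backed by the same tmpfs instance as /dev/shm. The `EXPECTED` policy table and the `SAMPLE` mount table are assumptions constructed for illustration.

```python
import os

# Flags discussed in the thread; treating them as required policy is an assumption.
EXPECTED = {"/dev/shm": {"noexec"}, "/dev/pts": {"nosuid", "noexec"}}

# Constructed sample in /proc/self/mountinfo format (not taken from the thread).
SAMPLE = """\
17 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
21 17 0:18 / /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw
22 17 0:19 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620
30 17 0:18 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
"""

def parse_mountinfo(text):
    """Return one dict per mount: device id, mount point, per-mount options."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or "-" not in fields:
            continue  # not a well-formed mountinfo line
        mounts.append({
            "dev": fields[2],                      # major:minor of the superblock
            "mountpoint": fields[4].replace("\\040", " "),
            "options": set(fields[5].split(",")),  # noexec/nosuid are per mount
        })
    return mounts

def audit(text):
    mounts = parse_mountinfo(text)
    latest = {m["mountpoint"]: m for m in mounts}  # later mounts shadow earlier
    findings = []
    for mountpoint, needed in sorted(EXPECTED.items()):
        mount = latest.get(mountpoint)
        if mount is None:
            findings.append(f"{mountpoint}: not mounted")
        elif needed - mount["options"]:
            missing = ",".join(sorted(needed - mount["options"]))
            findings.append(f"{mountpoint}: missing {missing}")
    shm = latest.get("/dev/shm")
    for m in mounts:
        # Same major:minor means the same filesystem instance, e.g. a bind mount.
        if shm and m["dev"] == shm["dev"] and m["mountpoint"] != "/dev/shm":
            findings.append(f"{m['mountpoint']}: shares tmpfs instance with /dev/shm")
    return findings

if __name__ == "__main__":
    path = "/proc/self/mountinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    print("\n".join(audit(text)) or "no findings")
```

In the constructed sample, /tmp shares /dev/shm's superblock yet lacks noexec: these flags are recorded per mount point, so a bind mount can carry different restrictions than the mount it was made from.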

