Package: initscripts
Version: 2.86.ds1-27
Severity: wishlist
Hello,
could you please limit the size of /lib/init/rw to something reasonable?
The current version should be okay regarding DoSes because of the access
rights, however, I'm not sure how it behaves on non-overcommitting
kernels.
I personally think that something around 100k should suffice, but if
you like to have it somehow dynamic, I attached a small sample patch
which limits the size to one tenth of available memory. I moved the
section which mounts /lib/init/rw down a bit to access /proc/meminfo.
The patch works on 2.4 and 2.6 and it falls automatically back to the
defaults if /proc/meminfo should not be available or cannot be parsed.
regards
Mario
--
There is nothing more deceptive than an obvious fact.
-- Sherlock Holmes by Arthur Conan Doyle
--- /etc/init.d/mountkernfs.sh 2006-09-25 10:42:07.000000000 +0200
+++ mountkernfs.sh 2006-09-29 18:22:10.000000000 +0200
@@ -21,15 +21,6 @@
do_start () {
#
- # Get some writable area available before the root is checked
- # and remounted.
- #
- RW_OPT=
- [ "${RW_SIZE:=$TMPFS_SIZE}" ] && RW_OPT=",size=$RW_SIZE"
- domount tmpfs "" /lib/init/rw tmpfs -omode=0755,nosuid$RW_OPT
- touch /lib/init/rw/.ramfs
-
- #
# Mount proc filesystem on /proc
#
domount proc "" /proc proc -onodev,noexec,nosuid
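Review bot: with the tmpfs mount deleted from the top of do_start, `domount proc "" /proc proc -onodev,noexec,nosuid` now runs before /lib/init/rw exists, so the deleted comment's goal of having a writable area early only holds if nothing between here and the new location needs it. Please add a comment at the new location stating that the mount sits after /proc because it reads /proc/meminfo, so a later reordering does not silently drop the size limit.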
@@ -43,6 +34,24 @@
domount sysfs "" /sys sysfs -onodev,noexec,nosuid
fi
+ #
+ # Get some writable area available before the root is checked
+ # and remounted.
+ #
+ RW_OPT=
+ if [ "${RW_SIZE:=$TMPFS_SIZE}" ]; then
+ RW_OPT=",size=$RW_SIZE"
+ else
+ while read line total rest; do
+ if [ "$line" = "Mem:" ]; then
+ RW_OPT=",size=$(($total / 10))"
+ break;
+ fi
+ done < /proc/meminfo
+ fi
+ domount tmpfs "" /lib/init/rw tmpfs -omode=0755,nosuid$RW_OPT
+ touch /lib/init/rw/.ramfs
+
# Mount /var/run and /var/lock as tmpfs if enabled
if [ yes = "$RAMRUN" ] ; then
RUN_OPT=
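Review bot: the test `[ "$line" = "Mem:" ]` in the added loop matches only a row labelled exactly `Mem:`; on a kernel whose /proc/meminfo carries the total only as `MemTotal: <n> kB`, the loop never matches, RW_OPT stays empty, and /lib/init/rw is mounted without any size limit and without a message. Consider matching `MemTotal:` as well and passing that value with a `k` suffix, since that field is reported in kB. Two further guards are worth adding: check that `$total` is numeric before `$(($total / 10))`, because an unexpected second field makes the arithmetic expansion fail, and test `[ -r /proc/meminfo ]` before the `done < /proc/meminfo` redirect so a missing file falls back cleanly instead of raising a shell error during boot.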

