2011/4/3 Kay Sievers <kay.sievers(a)vrfy.org>:
2011/4/3 Lennart Poettering <mzerqung(a)0pointer.de>:
> On Sun, 03.04.11 23:28, Michał Piotrowski (mkkp4x4(a)gmail.com) wrote:
>
>> > But for /dev/shm I see no quick fix... do you?
>>
>> Unfortunately not. No one foresaw that quota support on tmpfs will
>> someday be useful :)
>>
>> >
>> > I think we should fix either both or should wait for the proper fix by
>> > the kernel.
>>
>> Can you temporarily fix one?
>
> Well, of course we could.
>
> But, think about it, what does this help? The vulnerability doesn't go
> away by doing this, and we'd have a temporary hack in there, that we'd
> have to remove later on again.
Systems who might run into problems with /dev/shm, can just add limits
to /etc/fstab, and systemd will re-mount it and apply them.
There should really be a _proper_ solution some day, be it quota or
something else. We have way too many /tmp-like dirs, where users can
just leave their crap behind and cause problems. This is really
nothing new with systemd.
I'm not saying that systemd is guilty of anything here :) Introduction
of /run dir just introduced yet another problem that can be used by
malicious users. I know that the most appropriate solution would be to
fix tmpfs but before it happens this problem can be used many times to
piss off admins and other system users.
Kay
--
Best regards,
Michal
http://eventhorizon.pl/