noexec on /dev/shm

Matthew Miller mattdm at mattdm.org
Tue Dec 14 16:51:15 UTC 2010


On Tue, Dec 14, 2010 at 02:25:38PM +0000, Richard W.M. Jones wrote:
> I think it's very reasonable to want to edit /etc/fstab to change the
> default mount options of these filesystems.  Suppose that /dev/shm
> defaults to allowing suid and exec.  At some point in the future a
> security problem is found which can be worked around by temporarily
> setting nosuid on /dev/shm (while the real issue is fixed).  An
> administrator can't do that without recompiling systemd.

I'm not sure there's a win in having systemd do magic rather than just using
fstab -- reminds me of IRIX and its auto-mounting of some but not all swap
partitions. (Yay newbie admin confusion!)

But if there's a good technical reason, it still seems reasonable to let
/etc/fstab override the defaults.


-- 
Matthew Miller <mattdm at mattdm.org>
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences

