noexec on /dev/shm
Richard W.M. Jones
rjones at redhat.com
Fri Jan 7 11:46:55 UTC 2011
On Tue, Jan 04, 2011 at 05:42:12PM -0800, Garrett Holmstrom wrote:
> On Tue, Jan 4, 2011 at 4:31 PM, Bernie Innocenti <bernie at codewiz.org> wrote:
> > What sort of attack would this enable?
> >
> > Wait... any unprivileged process can create sockets in the abstract
> > namespace? Uh-oh.
>
> Any unprivileged process can prevent you from running X on a given
> display by using up the socket name that X wants to use. This is a
> textbook DOS scenario.
If we have private /tmp this problem would go away.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
More information about the devel
mailing list