F15 - status of /run/user, /dev/shm, and potential for a DoS attack

Adam Williamson awilliam at redhat.com
Wed May 18 07:06:19 UTC 2011


On Wed, 2011-05-18 at 06:31 +0000, JB wrote:
> Hi,
> 
> There are threads on this list and a Bugzilla report filed.
> 
> Can somebody explain what the current status of it is with regard to the F15
> release declared ready?

Yup, indeed there are.

> The problem affects /run/user/ and /dev/shm.
> As I understand, they are DoS-capable attack venues.
> There are separate temporary remedies offered for both problems, but they are
> up to users themselves to apply.
> 
> Was that considered to be a blocker and a part of release criteria for F15?

Nope. As discussed recently (I think, though I can't find it right now,
if anyone has a link that'd be great) on the devel list, this isn't
really anything new: just about any vaguely mainstream distro with a
typical configuration is subject to any number of known DoS attacks from
a local user account. I think it's accurate to say that Fedora doesn't
really aim to make it impossible for a local user to DoS the system with
an out of the box configuration, so it would not make sense to consider
such situations release blocking.

> As the problem is known in advance, will it be part of an official release
> announcement and Fedora documentation, describing it and how the users can
> protect their machines through a temporary remedy?

I don't know; if anyone else does, please speak up. I don't think it's
mentioned in the release notes. It's generally worth having known DoS
potentials documented somewhere or other, for those who really need to
protect against local users, but I don't believe we have any formal
policy for this, and it wouldn't really be a QA issue.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


