Mailing List Archive

mount options for /dev/shm?
Hi there!

/dev/shm is volatile memory, which does not survive a reboot; hence it is
a preferred location for some hackers to place their evil code and get
rid of evidence when an admin reboots the machine from a secure medium
(e.g. a Knoppix CD) to perform further analysis.

My suggestion to prevent such attacks is to change the mount permissions
of /dev/shm by default. I can't imagine any reason why anyone should place
a temporary executable there and start it from there, except when doing
something evil.

So, please consider changing the defaults in /etc/fstab in

none /dev/shm tmpfs noexec,rw 0 0

Greetings,
Alex Puchmayr
--
gentoo-security@gentoo.org mailing list
Re: mount options for /dev/shm?
Alexander Puchmayr wrote:

> /dev/shm is volatile memory, which does not survive a reboot; hence it is
> a preferred location for some hackers to place their evil code and get
> rid of evidence when an admin reboots the machine from a secure medium
> (e.g. a Knoppix CD) to perform further analysis.
>
> My suggestion to prevent such attacks is to change the mount permissions
> of /dev/shm by default. I can't imagine any reason why anyone should place
> a temporary executable there and start it from there, except when doing
> something evil.
>
> So, please consider changing the defaults in /etc/fstab in
>
> none /dev/shm tmpfs noexec,rw 0 0

Created bug 90980. Next time, please use bugzilla directly to submit
ideas to improve default configurations.

https://bugs.gentoo.org/show_bug.cgi?id=90980

--
Thierry Carrez (Koon)
Gentoo Linux Security
Re: mount options for /dev/shm?
On Saturday 30 April 2005 12:14 pm, Alexander Puchmayr wrote:
> So, please consider changing the defaults in /etc/fstab in

we already did ... over 6 months ago in fact
-mike
Re: mount options for /dev/shm?
On 4/30/05, Mike Frysinger <vapier@gentoo.org> wrote:
> On Saturday 30 April 2005 12:14 pm, Alexander Puchmayr wrote:
> > So, please consider changing the defaults in /etc/fstab

what do you mean by changing the defaults in /etc/fstab? I thought you
had to write your own fstab... I've always had to write my own when
doing a gentoo install.

--
If at first you don't succeed, get a bigger hammer.

Re: mount options for /dev/shm?
Nathan Pinkerton wrote:
> what do you mean by changing the defaults in /etc/fstab? I thought you
> had to write your own fstab... I've always had to write my own when
> doing a gentoo install.

A default fstab is included in baselayout. You just have to modify it to your
configuration.

Christoph
--
echo mailto: NOSPAM !#$.'<*>'|sed 's. ..'|tr "<*> !#:2" org@fr33z3
Re: mount options for /dev/shm?
On Mon, 02 May 2005 15:55:49 +0200
Christoph Gysin <cgysin@gmx.ch> wrote:

Plus you can mount a device using the mount "default" options: rw, suid, dev, exec, auto, nouser, and async. Mounting a device "noexec" could be considered modifying the default.

-Ryan Lynch

> Nathan Pinkerton wrote:
> > what do you mean by changing the defaults in /etc/fstab? I thought you
> > had to write your own fstab... I've always had to write my own when
> > doing a gentoo install.
>
> A default fstab is included in baselayout. You just have to modify it to your
> configuration.
>
> Christoph
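An added example, not part of the thread, that puts the two points above together: the fstab line Alexander proposes and Ryan's note that `defaults` expands to `rw,suid,dev,exec,auto,nouser,async`, so a `/dev/shm` entry mounted with `defaults` is executable. The script audits fstab- or `/proc/mounts`-style text for the `/dev/shm` entry and reports which hardening options are missing; the sample fstab contents are constructed, and checking `nosuid`/`nodev` alongside `noexec` is my addition, not something the thread proposes.

```shell
#!/bin/sh
# Constructed sample fstab contents (not taken from any real system).
# The first has /dev/shm mounted with "defaults", i.e. exec is implied.
SAMPLE_FSTAB='/dev/sda1 / ext4 noatime 0 1
none /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0'
# The same entry hardened as suggested in the thread, plus nosuid,nodev.
HARDENED_FSTAB='none /dev/shm tmpfs noexec,nosuid,nodev,rw 0 0'

# Print the options field (4th column) of the entry whose mount point
# is $1, reading fstab- or /proc/mounts-style text on stdin.
# Comment lines are skipped; exit 1 if the mount point is absent.
shm_options() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { print $4; found = 1 }
                    END { exit !found }'
}

# Return 0 if comma-separated option list $1 contains the option $2.
# Note that "defaults" does NOT contain noexec: it implies exec.
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Audit the /dev/shm entry read on stdin.
# Returns 0 if noexec, nosuid and nodev are all set, 1 if any is
# missing (listing them), 2 if there is no /dev/shm entry at all.
audit_shm() {
    opts=$(shm_options /dev/shm) || { echo "/dev/shm: no entry found"; return 2; }
    missing=""
    for want in noexec nosuid nodev; do
        has_option "$opts" "$want" || missing="$missing $want"
    done
    if [ -n "$missing" ]; then
        echo "/dev/shm ($opts) missing:$missing"
        return 1
    fi
    echo "/dev/shm ok: $opts"
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_FSTAB"   | audit_shm || :
printf '%s\n' "$HARDENED_FSTAB" | audit_shm
```

On a live machine, `audit_shm </proc/mounts` checks what is actually mounted rather than what fstab declares, which is the state that matters once the system is up.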