best way to secure /dev/shm?
Hello,

The last suse systems attacks I had to 'clean-up' were all based on php scripts copying and starting some stuff in /dev/shm.

To improve the security a little bit, I'd like to have this pseudo filesystem 'noexec,nosuid' (like /tmp), but under suse linux it's not in the /etc/fstab (cf. http://www.eth0.us/?q=tmp for some other ideas).

Is the only way to achieve that editing directly /etc/init.d/boot.shm? It seems to be the case: in /etc/sysconfig/kernel you can only set the size, but not the other options... (suse 9.2 in this case)

Or how would you do it? Btw, is that /dev/shm *really* necessary? :)

regards,
Olivier
Olivier Mueller wrote:
> To improve the security a little bit, I'd like to have this pseudo filesystem 'noexec,nosuid' (like /tmp), but under suse linux it's not in the /etc/fstab (cf. http://www.eth0.us/?q=tmp for some other ideas).
>
> Is the only way to achieve that editing directly /etc/init.d/boot.shm? It seems to be the case: in /etc/sysconfig/kernel you can only set the size, but not the other options... (suse 9.2 in this case)

I've opened a bug report for that. Mount flags will be configurable in the next SUSE Linux release. Thanks for the report!

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
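A way to audit the mount flags discussed in this thread, as an added example that is not part of either message and not SUSE's own tooling. The function names and the sample mount table are constructed for illustration; the check reads a table in /proc/mounts format and uses the last entry for a mount point, since a later mount shadows an earlier one.

```shell
#!/bin/sh
# Added example: check a mount point's options in a /proc/mounts-style table.

# Constructed sample table (not from a real host). /dev/shm is listed twice;
# the later entry is the mount that is actually in effect.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / reiserfs rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# effective_opts MOUNTPOINT  (mount table on stdin)
# Prints the option string of the last entry for MOUNTPOINT, or nothing.
effective_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 } END { if (opts != "") print opts }'
}

# missing_opts MOUNTPOINT OPT...  (mount table on stdin)
# Prints "not-mounted", "ok", or the required options that are absent.
missing_opts() {
    mp=$1; shift
    opts=$(effective_opts "$mp")
    if [ -z "$opts" ]; then echo "not-mounted"; return 0; fi
    missing=""
    for want in "$@"; do
        # Wrap in commas so "exec" cannot match inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "${missing:-ok}"
}

# Report on the two mount points named in the thread, using the sample table.
for mp in /dev/shm /tmp; do
    echo "$mp: $(sample_mounts | missing_opts "$mp" noexec nosuid)"
done
```

On a live system, feed it the kernel's table instead of the sample: `missing_opts /dev/shm noexec nosuid < /proc/mounts`.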