/dev/shm is not always mounted with the added options.

Registered by daniel CURTIS

Hi. I think that everything is described (with a solution) in my question #232487. It is about mounting /dev/shm. The Stricter Defaults wiki/documentation says that /dev/shm is used e.g. in an attack against a running service, such as httpd etc. I noticed that when a user adds a new option to the line from the mentioned wiki in the '/etc/fstab' file, then once every few times /run/shm (which is a symlink to /dev/shm) will be mounted, but e.g. without 'noexec', an option which was added. Also, in the '/proc/self/mounts' and '/proc/self/mountstats' files, there are two entries for /dev/shm.

For me, a solution was to change /dev/shm to /run/shm in the '/etc/fstab' file. I think this information should be changed in the StricterDefaults document, under the 'Shared Memory' section, for the sake of users who want to achieve more security and want to add more options etc. I'm sorry if this is not an error/bug or whatever.

Best regards.
_______________
#232487 question: https://answers.launchpad.net/ubuntu/+question/232487
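
A way to check for the condition reported above, added here as an example and not part of the original report: the function reads a mounts table and lists every /dev/shm or /run/shm entry that lacks a required option. The names `check_shm_opts` and `write_sample_mounts` are hypothetical, and the sample table is constructed, not captured from the reporter's system.

```shell
#!/bin/sh
# Added example (not from the report): flag shared-memory mounts that lack
# a required option such as noexec.

# check_shm_opts [mounts-file] [comma-separated required options]
# Prints "<mountpoint> missing <opts>" for each offending entry.
# Exit status: 0 = all entries carry the options, 1 = at least one entry
# lacks one, 2 = no /dev/shm or /run/shm entry was found at all.
check_shm_opts() {
    mounts_file=${1:-/proc/self/mounts}
    required=${2:-noexec}
    awk -v req="$required" '
        # Fields: device mountpoint fstype options dump pass
        $2 == "/dev/shm" || $2 == "/run/shm" {
            seen++
            n = split($4, opts, ",")
            m = split(req, want, ",")
            missing = ""; sep = ""
            for (i = 1; i <= m; i++) {
                found = 0
                for (j = 1; j <= n; j++)
                    if (opts[j] == want[i]) found = 1
                if (!found) { missing = missing sep want[i]; sep = "," }
            }
            if (missing != "") { bad++; print $2 " missing " missing }
        }
        END {
            if (!seen) { print "no shm mount found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$mounts_file"
}

# Constructed sample: two shm entries, only one of which has noexec.
write_sample_mounts() {
    cat > "$1" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Demo on the constructed sample; call check_shm_opts with no arguments
# to inspect the live /proc/self/mounts instead.
sample=$(mktemp)
write_sample_mounts "$sample"
check_shm_opts "$sample" noexec || true
rm -f "$sample"
```

Running the check after each boot is what exposes an intermittent result like the one described, since a single pass can land on a boot where the option was applied.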

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None
