/dev/shm is not always mounted with the added options.
Hi. I think that everything is described (with a solution) in my question: #232487. It is about mounting /dev/shm. The Stricter Defaults wiki/documentation says that /dev/shm is used e.g. in an attack against a running service, such as httpd etc. I noticed that when a user adds a new option to the line from the mentioned wiki in the '/etc/fstab' file, then once every few times /run/shm (which is a symlink to /dev/shm) will be mounted, but e.g. without 'noexec' - an option which was added. Also in '/proc/self/mounts' and '/proc/
For me, a solution was to change /dev/shm to /run/shm in the '/etc/fstab' file. I think this information should be changed in the StricterDefaults document under the 'Shared Memory' section, because of users who want to achieve more security and want to add more options etc. I'm sorry if this is not an error/bug or whatever.
Best regards.
_______________
#232487 question: https:/
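A check for the symptom reported above, as an added example that is not part of the original post: it reads mount-table lines in the /proc/self/mounts format and reports any /dev/shm or /run/shm mount that lacks a required option. The function names, the option list and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report). Paths /dev/shm and /run/shm come from
# the report; function names and sample data below are assumptions.

# check_shm_opts MOUNTS_FILE REQUIRED_OPTS
#   MOUNTS_FILE   file in /proc/self/mounts format, or "-" for stdin
#   REQUIRED_OPTS comma-separated options expected on the shm mount
# Returns 0 if every shm mount has all options, 1 if any option is missing,
# 2 if no shm mount appears in the table at all.
check_shm_opts() {
    awk -v req="$2" '
        # Fields: device mountpoint fstype options dump pass
        $2 == "/dev/shm" || $2 == "/run/shm" {
            found = 1
            split("", set)                      # clear the option set
            n = split($4, have, ",")
            for (i = 1; i <= n; i++) set[have[i]] = 1
            m = split(req, want, ",")
            for (j = 1; j <= m; j++)
                if (!(want[j] in set)) {
                    printf "MISSING %s on %s (options: %s)\n", want[j], $2, $4
                    bad = 1
                }
        }
        END {
            if (!found) { print "NO shm mount found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the mount came up without the noexec added in fstab.
sample_mounts_bad() {
    printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0' \
                  'tmpfs /run/shm tmpfs rw,nosuid,nodev,relatime 0 0'
}

# Constructed sample: the same mount with every requested option applied.
sample_mounts_good() {
    printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0' \
                  'tmpfs /run/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0'
}

# Demo on the constructed sample. On a live system:
#   check_shm_opts /proc/self/mounts nosuid,nodev,noexec
sample_mounts_bad | check_shm_opts - nosuid,nodev,noexec || echo "exit status: $?"
```

Because the report says the option is missing only on some boots, a check like this is more useful run after every boot than once after editing '/etc/fstab'.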
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: None
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by