[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] best way to secure /dev/shm?

To: suse-security@xxxxxxxx
Subject: [suse-security] best way to secure /dev/shm?
From: Olivier Mueller <om-lists-suse-security@xxxxxx>
Date: Sat, 14 May 2005 02:09:07 +0200
Delivered-to: mailing list suse-security@xxxxxxxx
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm

Hello,

The last suse systems attacks I had to 'clean-up' were
all based on php scripts copying and starting some stuff
in /dev/shm. 

To improve the security a little bit, I'd like to have this
pseudo filesystem 'noexec,nosuid' (like /tmp), but under
suse linux it's not in the /etc/fstab
(cf. http://www.eth0.us/?q=tmp for some other ideas).

Is the only way to achieve that editing directely
/etc/init.d/boot.shm ? It seem to be the case: in
/etc/sysconfig/kernel you can only set the size, but
not the other options...  (suse 9.2 in this case) 

Or how would you do it?  Btw, is that /dev/shm *really*
necessary? :)

regards,
Olivier



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] best way to secure /dev/shm?
  - From: Ludwig Nussel

Prev by Date: Re: [suse-security] fix for new elf loader bug?
Next by Date: [suse-security] Upgrade to gpg-1.4 on SUSE 9.0?
Previous by thread: Re: [suse-security] fix for new elf loader bug?
Next by thread: Re: [suse-security] best way to secure /dev/shm?
Index(es):
- Date
- Thread