LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   /dev/shm (https://www.linuxquestions.org/questions/slackware-14/dev-shm-645285/)

GazL 05-28-2008 06:26 AM
/dev/shm
 
Having just gotten around to installing 12.1, I've noticed that I've gained a /dev/shm tmpfs filesystem. What's the deal with this? From quick google searches, amongst all the mis-information I've found a bit of detail and that it belongs to the libc6 posix shared memory implementation. Is this a new implementation of the, SysV IPC shmctl(2) et al, or is it something new?

Though its not a major issue for me, I like to run a tight ship and what concerns me is that /dev/shm appears to be a world writable filesystem and that it can be abused by putting files directly in it as such....
Code:
bash-3.1$ free
            total      used      free    shared    buffers    cached
Mem:      1555024    232968    1322056          0      15904    135476
-/+ buffers/cache:      81588    1473436
Swap:      2000084          0    2000084
bash-3.1$ dd if=/dev/zero bs=1024 of=/dev/shm/test
dd: writing `/dev/shm/test': No space left on device
776749+0 records in
776748+0 records out
795389952 bytes (795 MB) copied, 2.81356 s, 283 MB/s
bash-3.1$ free
            total      used      free    shared    buffers    cached
Mem:      1555024    1010640    544384          0      15920    912224
-/+ buffers/cache:      82496    1472528
Swap:      2000084          0    2000084
As you can see, this takes a huge chunk of my system ram away and I would guess completely breaks anything that tries to use shared memory segments.

Now, I could reduce the max size of the tmpfs filesystem it sits on to mitigate risk, but I just don't like having this thing world writable on principle. You can protect most resources with ulimit setting or filesystem quotas, but there doesn't seem to be any per user or per process settings in regard to shm that I can find and even if they did exist, the world writable directory would just allow an attacker to bypass them anyway.

Please, is there anyone out there that can explain to me what this new world writable filesystem is all about and whether I can do anything to tighten this up, or is it just something I have to live with. SysV IPC Shared Memory seemed to work fine in the past without it.

UPDATE:

I've found a little more. Hidden in the kernel documentation for the tmpfs filesystem is this...

Quote:
2) glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
POSIX shared memory (shm_open, shm_unlink). Adding the following
line to /etc/fstab should take care of this:

tmpfs /dev/shm tmpfs defaults 0 0

Remember to create the directory that you intend to mount tmpfs on
if necessary.

This mount is _not_ needed for SYSV shared memory. The internal
mount is used for that. (In the 2.3 kernel versions it was
necessary to mount the predecessor of tmpfs (shm fs) to use SYSV
shared memory)
So, its apparently not the SYSV Shared memory, but some new fangled one. Does anyone know if I'm likely to meet any programs out their that require this newstyle shared memory? If not I think I'll turn it off for the time being and carry on using the SYSV style calls.

Alien Bob 05-28-2008 08:09 AM
The proprietary ATI display drivers expect a tmpfs. So do QEMU's accelerator kernel module 'kqemu' and the JACK audio connection kit. Maybe more programs that I am not aware of.
None of those ship with Slackware by default so it should be safe to remove that line from fstab.

Eric

GazL 05-28-2008 08:39 AM
Thanks Eric. I feel happier now I know its something new rather than a reworking of the old SysV stuff.

Technically, I guess there's not much difference between the way this works and a malicious/errant program using up all of the SYSV Shared memory pool, or even /tmp for that matter. I guess that with /dev/shm its just easier to do it from the shell.

Anyway, I've decided to leave it in there but shrink the size a little as the default is quite large and to add noexec,nodev,nosuid to the fstab entry as below to make me feel a little better about it being world writable.

tmpfs /dev/shm tmpfs size=256m,noexec,nodev,nosuid

Hopefully, this won't break anything.


All times are GMT -5. The time now is 11:42 PM.