Old 05-28-2008, 06:26 AM   #1
Senior Member
Registered: May 2008
Posts: 3,601


Having just gotten around to installing 12.1, I've noticed that I've gained a /dev/shm tmpfs filesystem. What's the deal with this? From quick Google searches, amongst all the misinformation, I've found a bit of detail and that it belongs to the libc6 POSIX shared memory implementation. Is this a new implementation of the SysV IPC shmctl(2) et al., or is it something new?

Though it's not a major issue for me, I like to run a tight ship, and what concerns me is that /dev/shm appears to be a world-writable filesystem and that it can be abused by putting files directly in it, as such:
bash-3.1$ free
             total       used       free     shared    buffers     cached
Mem:       1555024     232968    1322056          0      15904     135476
-/+ buffers/cache:      81588    1473436
Swap:      2000084          0    2000084
bash-3.1$ dd if=/dev/zero bs=1024 of=/dev/shm/test
dd: writing `/dev/shm/test': No space left on device
776749+0 records in
776748+0 records out
795389952 bytes (795 MB) copied, 2.81356 s, 283 MB/s
bash-3.1$ free
             total       used       free     shared    buffers     cached
Mem:       1555024    1010640     544384          0      15920     912224
-/+ buffers/cache:      82496    1472528
Swap:      2000084          0    2000084
As you can see, this takes a huge chunk of my system RAM away and I would guess completely breaks anything that tries to use shared memory segments.

Now, I could reduce the max size of the tmpfs filesystem it sits on to mitigate risk, but I just don't like having this thing world-writable on principle. You can protect most resources with ulimit settings or filesystem quotas, but there don't seem to be any per-user or per-process settings in regard to shm that I can find, and even if they did exist, the world-writable directory would just allow an attacker to bypass them anyway.

Please, is there anyone out there that can explain to me what this new world-writable filesystem is all about and whether I can do anything to tighten this up, or is it just something I have to live with? SysV IPC Shared Memory seemed to work fine in the past without it.


I've found a little more. Hidden in the kernel documentation for the tmpfs filesystem is this...

2) glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
POSIX shared memory (shm_open, shm_unlink). Adding the following
line to /etc/fstab should take care of this:

tmpfs /dev/shm tmpfs defaults 0 0

Remember to create the directory that you intend to mount tmpfs on
if necessary.

This mount is _not_ needed for SYSV shared memory. The internal
mount is used for that. (In the 2.3 kernel versions it was
necessary to mount the predecessor of tmpfs (shm fs) to use SYSV
shared memory)
So, it's apparently not the SYSV Shared memory, but some newfangled one. Does anyone know if I'm likely to meet any programs out there that require this new-style shared memory? If not, I think I'll turn it off for the time being and carry on using the SYSV style calls.

Last edited by GazL; 06-12-2011 at 04:54 AM.
Old 05-28-2008, 08:09 AM   #2
Alien Bob
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,584

The proprietary ATI display drivers expect a tmpfs. So do QEMU's accelerator kernel module 'kqemu' and the JACK audio connection kit. Maybe more programs that I am not aware of.
None of those ship with Slackware by default so it should be safe to remove that line from fstab.

Old 05-28-2008, 08:39 AM   #3
Senior Member
Registered: May 2008
Posts: 3,601

Original Poster
Thanks Eric. I feel happier now I know it's something new rather than a reworking of the old SysV stuff.

Technically, I guess there's not much difference between the way this works and a malicious/errant program using up all of the SYSV Shared memory pool, or even /tmp for that matter. I guess that with /dev/shm it's just easier to do it from the shell.

Anyway, I've decided to leave it in there but shrink the size a little as the default is quite large and to add noexec,nodev,nosuid to the fstab entry as below to make me feel a little better about it being world writable.

tmpfs /dev/shm tmpfs size=256m,noexec,nodev,nosuid

Hopefully, this won't break anything.

Last edited by GazL; 06-12-2011 at 04:54 AM.
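
Added example (not part of the original posts): a small audit function that checks whether the tmpfs at /dev/shm carries the noexec, nodev and nosuid options and an explicit size= limit, as in the fstab entry from the last post. The function name check_shm_mount and its return codes are assumptions of this example; the two sample lines are the fstab entries quoted in the thread.

```shell
#!/bin/sh
# check_shm_mount [TABLE]
#   TABLE is a file in fstab or /proc/mounts layout (default /proc/mounts),
#   or "-" to read the table from stdin.
#   Returns 0 if hardened, 1 if an option is missing, 2 if nothing is mounted.
check_shm_mount() {
    table=${1:-/proc/mounts}
    # Fields: device mountpoint fstype options [dump pass].
    # Skip commented-out fstab lines; the last matching line wins because a
    # later mount shadows an earlier one on the same mount point.
    opts=$(awk '$1 !~ /^#/ && $2 == "/dev/shm" && $3 == "tmpfs" { o = $4 }
                END { print o }' "$table")
    if [ -z "$opts" ]; then
        echo "no tmpfs mounted at /dev/shm"
        return 2
    fi
    rc=0
    for want in noexec nodev nosuid; do
        # Wrap in commas so "nodev" only matches a whole option.
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "missing option: $want"; rc=1 ;;
        esac
    done
    case ",$opts," in
        *",size="*) ;;
        *) echo "no size= limit (tmpfs then defaults to half of RAM)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "ok: $opts"
    return "$rc"
}

# The two fstab entries quoted in the thread, used here as sample input.
sample_default='tmpfs /dev/shm tmpfs defaults 0 0'
sample_hardened='tmpfs /dev/shm tmpfs size=256m,noexec,nodev,nosuid'

for s in "$sample_default" "$sample_hardened"; do
    echo "== $s"
    printf '%s\n' "$s" | check_shm_mount - || true
done
```

Called with no argument, the function reads /proc/mounts and reports on the live mount rather than on what fstab says.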

