LinuxQuestions.org


bytez 05-17-2007 11:00 PM

secure /dev/shm
 
Quote:

/dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options

Got this on my security check, could anyone tell me step by step how to secure it? Thanks so much!

win32sux 05-18-2007 03:58 PM

AFAICT, it probably wants a line like this in your /etc/fstab file:
Code:

devshm /dev/shm tmpfs rw,noexec,nosuid 0 0

bytez 05-18-2007 04:01 PM

thanks, how do I edit the fstab file without breaking the system? Could I just use pico command?

win32sux 05-18-2007 04:12 PM

Quote:

Originally Posted by bytez
thanks, how do I edit the fstab file without breaking the system? Could I just use pico command?

well, my suggestion would be to first try it without editing the file... in other words, just remount your devshm with the new options... if anything goes wrong (unlikely but possible) you can just reboot and be done with it... check it:
Code:

win32sux@candystore:~$ mount | grep shm
devshm on /dev/shm type tmpfs (rw)
win32sux@candystore:~$ sudo mount -o rw,noexec,nosuid,remount -t tmpfs devshm /dev/shm
win32sux@candystore:~$ mount | grep shm
devshm on /dev/shm type tmpfs (rw,noexec,nosuid)

then when you are sure your box didn't break, make a backup of your fstab before editing it:
Code:

cat /etc/fstab > /etc/fstab.bak

this way if all hell breaks loose upon reboot then you can just boot a live cd and cat the backup file back into the proper one...

PS: yes, pico is fine, any text editor will do, really...
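
Added example, not part of the original posts: a small POSIX shell check that reads a mount table and an fstab and reports which of noexec and nosuid are still missing for /dev/shm, so the live remount and the persistent fstab line from the thread can both be verified. The function names and the `--demo`/`--system` switches are made up for this sketch, and the demo files are constructed samples.

```sh
#!/bin/sh
# Added example: audit /dev/shm mount options, live and at boot.

# missing_opts FILE MOUNTPOINT REQUIRED...
# FILE uses the fstab / /proc/mounts layout:
#   device mountpoint fstype options dump pass
# Prints the required options that are absent (space separated), or
# "unlisted" if the mount point has no entry. Empty output = compliant.
missing_opts() {
    file=$1; mp=$2; shift 2
    # Options field of the last non-comment entry for the mount point.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$file")
    if [ -z "$opts" ]; then
        echo unlisted
        return 0
    fi
    out=
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                    # option present
            *) out="${out:+$out }$want" ;;     # option missing
        esac
    done
    echo "$out"
}

# audit_shm MOUNTS FSTAB
# Succeeds only if /dev/shm has noexec,nosuid now AND after a reboot.
audit_shm() {
    live=$(missing_opts "$1" /dev/shm noexec nosuid)
    boot=$(missing_opts "$2" /dev/shm noexec nosuid)
    echo "live missing: ${live:-none}; fstab missing: ${boot:-none}"
    [ -z "$live" ] && [ -z "$boot" ]
}

case "${1:-}" in
    --system) audit_shm /proc/mounts /etc/fstab ;;
    --demo)
        # Constructed sample: mount table before the remount shown above,
        # fstab already carrying the suggested line.
        d=$(mktemp -d)
        echo 'devshm /dev/shm tmpfs rw 0 0' > "$d/mounts"
        echo 'devshm /dev/shm tmpfs rw,noexec,nosuid 0 0' > "$d/fstab"
        audit_shm "$d/mounts" "$d/fstab" || echo "not compliant yet"
        rm -rf "$d" ;;
esac
```

Run with `--system` after the remount and again after editing /etc/fstab; a non-zero exit status means one of the two still lacks an option.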


All times are GMT -5.