Thx for the ideas. I'll bring them up in an internal discussion as well.
Software Group II (ADITG/SW2)
Tel. +49 5121 49 6948
From: systemd-devel [mailto:email@example.com] On Behalf Of Topi Miettinen
Sent: Mittwoch, 1. Februar 2017 18:11
Subject: Re: [systemd-devel] Any reason why /run and /dev/shm do not have MS_NOEXEC flags set?
Post by Hoyer, Marko (ADITG/SW2)
thanks to all for your fast feedback. I'll kick off an internal
discussion based on the facts you delivered to find out if our people
actually want what they want ;)
Filesystem W^X is a nice idea, but considering scripting or other (even
unintentional) Turing complete interpreters in a system, its not very strong protection. See also https://lwn.net/Articles/708196/
In my setup I have mounted /run with noexec, but /run/user/* still exec.
Then for each service you can enable systemd directive ProtectHome=true which makes /run/user inaccessible.
Likewise for /dev/shm, you can check if it is needed by each service at all and make it completely inaccessible if so, rather than making it globally noexec.
systemd-devel mailing list