Bug 693253

Summary: tmpfs need quota support to avoid local DoS on a new systems
Product: [Fedora] Fedora Reporter: Michał Piotrowski <mkkp4x4>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: Bert.Deknuydt, cmaiolin, danielbelton, extras-qa, fullung, gansalmon, groknok, itamar, jonathan, kernel-maint, k.georgiou, kzak, lherbolt, lpoetter, madhu.chinakonda, martin, pollardwaldorf, samuel-rhbugs, wwoods, yersinia.spiros
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-08-09 11:28:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michał Piotrowski 2011-04-03 23:03:28 UTC 
Hi,

There is a problem with /run/user/ and /dev/shm. Ordinary users can write to /run/user/<login> dirs filling entire free space. This can lead to local DoS.

Additional information can be found in this thread
http://lists.freedesktop.org/archives/systemd-devel/2011-April/thread.html#1839

Best regards,
Michal
Comment 1 Chuck Ebbert 2011-04-07 23:39:55 UTC 
There's no way quota support for tmpfs can be ready in time for F15.
Comment 2 Michał Piotrowski 2011-04-08 05:31:10 UTC 
I realize that it is not a 10 lines bugfix :)

Thanks for the consideration of the problem.
Comment 3 Will Woods 2011-05-10 00:42:19 UTC 
I guess you're not expecting this to be fixed for F15, then? Moving to rawhide so the problem can be considered properly.
Comment 4 Matthias Runge 2011-05-10 09:14:25 UTC 

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 5 Josh Boyer 2012-09-14 14:13:26 UTC 
*** Bug 857297 has been marked as a duplicate of this bug. ***
Comment 6 Josh Boyer 2013-01-22 20:49:51 UTC 
*** Bug 902522 has been marked as a duplicate of this bug. ***
Comment 7 Lukas Herbolt 2019-08-29 08:04:22 UTC 
So f15 is history, any news about this bug/rfe?
Comment 8 Jesse Pollard 2019-08-29 11:09:10 UTC 
No change in tmpfs.

What has changed is that Fedora now creates a tmpfs for each /run/user/<uid> login with a maximum size.

This mitigation sort of covers up the problem.

the /dev/shm issue appears to still be present.
Comment 9 Carlos Maiolino 2024-08-09 11:28:20 UTC 
Closing this as Rawhide, as tmpfs quotas support has been released in Linux 6.10, if Fedora maintainers believe the Closed resolution should be something else, please, feel free to change.
Comment 10 Red Hat Bugzilla 2024-12-08 04:25:02 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days