Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Anonymous User
  2. Thursday, December 07, 2017
  3.  Subscribe via email
Is there a reason /dev/shm isn't mounted noexec by /etc/cagefs/cagefs.mp?

The user is in CageFS, though:

22720 *username obfuscated*  20   0 2451856  58620   1104 S 100.3  0.1   0:19.28 md

[[email protected]*host obfuscated* ~]# crontab -l -u *username obfuscated*
* * * * * /dev/shm/.z/upd >/dev/null 2>&1

[[email protected]*host obfuscated* ~]# ls -al /dev/shm/.z
total 4164
drwxr-xr-x 2 *username obfuscated* *username obfuscated*    260 Dec  6 19:27 .
drwxrwxrwt 3 root     root          60 Dec  6 19:27 ..
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*     329 Dec  6 16:58 a
-rw-r--r-- 1 *username obfuscated* *username obfuscated*       6 Dec  7 07:26 bash.pid
-rw-r--r-- 1 *username obfuscated* *username obfuscated*      42 Dec  6 19:27 cron.d
-rw-r--r-- 1 *username obfuscated* *username obfuscated*      12 Dec  6 19:27 dir.dir
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*   15125 Dec  6 16:58 h32
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*  838583 Dec  6 16:58 h64
-rwxr-xr-x 1 *username obfuscated* *username obfuscated* 2979640 Dec  6 16:58 md
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*  227220 Dec  6 16:58 md32
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*  168896 Dec  6 16:58 mdx
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*     564 Dec  6 19:02 run
-rwxr--r-- 1 *username obfuscated* *username obfuscated*     182 Dec  6 19:27 upd
Rate this post:
  1. 11.12.2017 13:12:17
  2. # 1
Igor Ghertesco Accepted Answer
Posts: 76
Joined: 07.08.2015
0
Votes
Undo
Hello,

In my test environment /dev/shm is not mounted with noexec as well:

# mount |grep shm
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /usr/share/cagefs-skeleton/dev/shm type tmpfs (rw,nosuid,relatime)

Did you try to mount /dev/shm in the real file system with noexec first?
  1. 11.12.2017 14:12:11
  2. # 2
Boris Accepted Answer
Is there anything in the CL internals that would be negatively affected if we mounted it noexec in /etc/cagefs/cagefs.mp? I guess not, just wanted to make sure?
  1. 12.12.2017 10:12:24
  2. # 3
Igor Ghertesco Accepted Answer
Posts: 76
Joined: 07.08.2015
0
Votes
Undo
Hello,

There should be no side effects.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.