Package: initscripts
Version: 2.86.ds1-7
Severity: normal
Tags: experimental

/etc/init.d/mountvirtfs mounts a tmpfs on /run, but does so without specifying any limits (size=nn), which means it defaults to half the physical memory in the system.

Whilst in most cases this is appropriate, /run is intended to be very small, and should only be used by a small number of packages. With the default size, it creates the opportunity for a denial of service attack (by filling the fs, exhausting available virtual memory), and also the opportunity for abuse by package maintainers; by imposing strict limits (possibly even nr_inodes), any abuse will be quickly spotted.

Now that there are at least two tmpfs filesystems mounted by default (/dev/shm and /run), it might be necessary to be a bit stricter about the size of /dev/shm as well, since together both can be as big as all the available memory. It would be prudent to check the total VM size before using any default size.

For the /run size/inode limit, I would suggest adding something similar to /etc/default/tmpfs (possibly even an addition to this file, for example RUN_TMPFS_SIZE and SHM_TMPFS_SIZE).

Regards,
Roger

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.4
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages initscripts depends on:
ii  coreutils    5.93-5                     The GNU core utilities
ii  debianutils  2.15.2                     Miscellaneous utilities specific t
ii  dpkg         1.13.11                    package maintenance system for Deb
ii  e2fsprogs    1.38+1.39-WIP-2005.12.10-1 ext2 file system utilities and lib
ii  libc6        2.3.5-9                    GNU C Library: Shared libraries an
ii  lsb-base     3.0-12                     Linux Standard Base 3.0 init scrip
ii  util-linux   2.12r-2                    Miscellaneous system utilities

initscripts recommends no packages.

-- no debconf information
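
The check the report asks for, sketched as an added example that is not part of the original message or of initscripts: it lists tmpfs mounts that carry no size= option and compares their worst-case total with RAM plus swap. The function names and the MEMINFO and MOUNTS samples are constructed for illustration; a mount without size= is counted at the default the report describes (half of physical memory).

```shell
#!/bin/sh
# Added example. MEMINFO and MOUNTS are constructed samples in the format of
# /proc/meminfo and /proc/mounts; on a live system pass "$(cat /proc/meminfo)" etc.
MEMINFO='MemTotal:        1048576 kB
SwapTotal:             0 kB'
MOUNTS='tmpfs /run tmpfs rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,size=10240k,nr_inodes=4096 0 0
/dev/hda3 / ext3 rw 0 0'

# RAM plus swap in kB: the "total VM" the report suggests checking.
total_vm_kb() {
    printf '%s\n' "$1" |
        awk '/^(MemTotal|SwapTotal):/ { s += $2 } END { printf "%.0f\n", s }'
}

# Mount points of tmpfs filesystems that carry no explicit size= option.
unlimited_tmpfs() {
    printf '%s\n' "$1" | awk '$3 == "tmpfs" && $4 !~ /(^|,)size=/ { print $2 }'
}

# Worst-case kB all tmpfs mounts may hold together. A mount without size=
# is counted at the default the report describes: half of physical memory.
tmpfs_worst_case_kb() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        function kb(sz,    v, u) {            # size= value -> kB
            v = sz + 0; u = substr(sz, length(sz))
            if (u == "%") return int(mem * v / 100)
            if (u ~ /[kK]/) return v
            if (u ~ /[mM]/) return v * 1024
            if (u ~ /[gG]/) return v * 1048576
            return int(v / 1024)              # no suffix: bytes
        }
        /^MemTotal:/ { mem = $2 }
        $3 == "tmpfs" {
            sz = ""; n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] ~ /^size=/) sz = substr(o[i], 6)
            total += (sz == "") ? int(mem / 2) : kb(sz)
        }
        END { printf "%.0f\n", total }'
}

vm=$(total_vm_kb "$MEMINFO")
worst=$(tmpfs_worst_case_kb "$MEMINFO" "$MOUNTS")
echo "tmpfs without size=: $(unlimited_tmpfs "$MOUNTS" | tr '\n' ' ')"
echo "worst-case tmpfs use: ${worst} kB of ${vm} kB total VM"
[ "$worst" -le "$vm" ] || echo "WARNING: tmpfs limits exceed total VM"
```

With the sample input, the two unlimited mounts alone account for all of physical memory, which is the situation the report warns about.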