Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The reasoning behind preventing writes to /dev/shm/ and a possible bug #1058

Open
carlosrodfern opened this issue Aug 7, 2024 · 1 comment
Open

The reasoning behind preventing writes to /dev/shm/ and a possible bug #1058

carlosrodfern opened this issue Aug 7, 2024 · 1 comment

Comments

@carlosrodfern
Copy link

I'm having a hard time seeing the reasoning for the policy recommendation to prevent writes to /dev/shm/.

This is the policy: https://github.com/kubearmor/policy-templates/blob/release/generic/system/ksp-deny-write-in-shm-folder.yaml

I can't find any reference to preventing writes to /dev/shm/ in MITRE either. The /dev/shm/ is a common IPC mechanism in Linux for shared memory between processes. Preventing writes to it would interfere with some applications.

The only thing I can find about /dev/shm/ in MITRE execution is about preventing execve(2) from unusual places like /dev/shm/. If that is what the original intent of this policy was, then perhaps a better rule is to prevent execution of files located in the /dev/shm/ directory?

Thank you.
@carlosrodfern carlosrodfern changed the title Reasoning about the preventing of writes to /dev/shm/ and possible bug The reasoning behind preventing writes to /dev/shm/ and a possible bug Aug 14, 2024
@carlosrodfern
Copy link
Author

This is somewhat related to this PR: #1050

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@carlosrodfern