ShareWiz Security

tmpfs (ramfs formerly) is the name of the temporary file system of Linux. It is implemented directly in the kernel since version 2.6.

/dev/shm implements a temporary system file -type tmpfs. It is mounted as a hard disk but the data is written into RAM. The name comes from shm Shared Memory often used for exchanging data between processes.

Note that in Ubuntu, /dev/shm is a link to /run/shm.

By default, /dev/shm is mounted read/write, with permission to execute programs

In recent years, many security mailing lists have noted many exploits where /dev/shm is used in an attack against a running service, such as httpd. Most of these exploits, however, rely on an insecure web application rather than vulnerability in Apache or Ubuntu. There are a few reasons for it to be mounted read/write in specific configurations, such as real-time configuration of a Synaptics touchpad for laptops, but for servers and desktop installations there is no benefit to mounting /dev/shm read/write.

To change this setting, edit the /etc/fstab file to include the following line:

This will mount /dev/shm in read-only mode. If you have a good reason to keep it writable, put this line in /etc/fstab instead:

The changes will take effect the next time you reboot, unless you remount /dev/shm with the command:

NOTE: Many programs will not work if you make /dev/shm read-only.

See Ubuntu Stricter Defaults for further information.

Increase or reduce the /dev/shm filesystem size as required.

To be even more extreme, you may drop or disable this temporarily RAM-based filesystem entirely, to prevent it from auto-mount during system boots up, if none of the application in that Linux server relying on shared memory function or explicitly using tmpfs (as a quick-and-dirty trick to improve execution performance).

Issue the command man fstab for further information on fstab; and the command man mount for further information on the tmpfs filesystem options.