Open
Description
I'm having a hard time seeing the reasoning for the policy recommendation to prevent writes to /dev/shm/.

This is the policy: https://github.com/kubearmor/policy-templates/blob/release/generic/system/ksp-deny-write-in-shm-folder.yaml

I can't find any reference to preventing writes to /dev/shm/ in MITRE either. The /dev/shm/ is a common IPC mechanism in Linux for shared memory between processes. Preventing writes to it would interfere with some applications.

The only thing I can find about /dev/shm/ in MITRE execution is about preventing execve(2) from unusual places like /dev/shm/. If that is what the original intent of this policy was, then perhaps a better rule is to prevent execution of files located in the /dev/shm/ directory?
Thank you.
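For reference, this is what the alternative proposed above would look like as a KubeArmorPolicy. It is an added illustration, not the template linked in the issue and not a policy shipped by the project: a process rule on the /dev/shm/ directory blocks execve of files there while leaving file reads and writes (the shared-memory IPC use case) untouched. The policy name, namespace, and the selector label app: myapp are assumptions.

```yaml
# Added example: block execution of binaries placed under /dev/shm/ instead of
# blocking writes to it. The "process" rule set governs execve, so normal
# shared-memory reads/writes by the workload are unaffected.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-deny-exec-in-shm-folder   # assumed name
  namespace: default                  # assumed namespace
spec:
  severity: 5
  tags: ["MITRE", "Execution"]
  message: "execution from /dev/shm/ denied"
  selector:
    matchLabels:
      app: myapp                      # assumed workload label
  process:
    matchDirectories:
      # Trailing slash is required for directory matches; recursive covers
      # files in any subdirectory created under /dev/shm/.
      - dir: /dev/shm/
        recursive: true
  action: Block
```

Writes to /dev/shm/ would still be visible as normal file events; only attempts to execute something from that directory are denied and logged by KubeArmor.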