Secure Shared Memory

Posted on Sunday March 13, 2016 / by Eric Potvin

Shared memory can be used in an attack against a running service such as apache2 or httpd. To make it more secure, mount it with the noexec and nosuid options by editing /etc/fstab:

sudo vi /etc/fstab

Add the following line for Ubuntu 12.04:

tmpfs     /dev/shm     tmpfs	defaults,noexec,nosuid	0	0

Add the following line for Ubuntu 12.10 or later:

#secure shared memory
tmpfs     /run/shm    tmpfs	defaults,noexec,nosuid	0	0

You will need to reboot for this setting to take effect.

If you want to make the changes without rebooting, you can run:

sudo mount -a
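
An fstab entry only helps once the live mount actually carries the options, so it is worth checking /proc/mounts after the reboot or mount step. The script below is an added example, not part of the original post: the helper name missing_opts and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a shared-memory
# tmpfs mount carries the noexec,nosuid options from the fstab lines above.

# missing_opts MOUNTPOINT  (hypothetical helper name)
# Reads fstab or /proc/mounts formatted lines on stdin:
#   device  mountpoint  fstype  options  dump  pass
# Prints the required options that are absent, or "unmounted" when no tmpfs
# entry exists for MOUNTPOINT. Empty output means the mount is hardened.
missing_opts() {
    awk -v mp="$1" -v req="noexec nosuid" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        # In /proc/mounts the last entry for a mount point is the visible one.
        $2 == mp && $3 == "tmpfs" { found = 1; opts = $4 }
        END {
            if (!found) { print "unmounted"; exit }
            split(opts, o, ",")
            for (i in o) have[o[i]] = 1
            n = split(req, r, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(r[i] in have)) out = out (out == "" ? "" : " ") r[i]
            print out
        }'
}

# Constructed sample lines in /proc/mounts layout (not captured from a host).
sample_before='none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0'
sample_after='tmpfs /run/shm tmpfs rw,nosuid,noexec,relatime 0 0'

for s in "$sample_before" "$sample_after"; do
    result=$(printf '%s\n' "$s" | missing_opts /run/shm)
    echo "${s}  ->  missing: ${result:-none}"
done
```

On a live system, feed it the kernel's view with `missing_opts /run/shm < /proc/mounts` (use /dev/shm on Ubuntu 12.04); any output other than an empty line means the options are not yet in effect.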

This command lists world-writable files and folders (symbolic links excluded), showing you which ones can be secured:

sudo find / -perm -2 ! -type l -ls