
Bug#378984: fstab default /proc entry nosuid



Package: partman-target
Version: 44
Severity: normal
Tags: patch

please apply the patch below,
to add the /proc line to fstab with nosuid.

rationale:
setuid and setgid bits have no business in /proc; nice workaround
for the kernel /proc vulnerability, as suggested in the lwn.net article:
http://lwn.net/SubscriberLink/191954/dfb24a687f9b032e/


Index: finish.d/create_fstab_header
===================================================================
--- finish.d/create_fstab_header	(revision 39223)
+++ finish.d/create_fstab_header	(working copy)
@@ -9,4 +9,4 @@
 
 printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab
 
-printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> /target/etc/fstab
+printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 0 >> /target/etc/fstab
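
Review bot: on the added proc line, the options field reads defaults,nosuid, where defaults already implies suid, so the result depends on mount letting the later option override the earlier one. That works, but listing the restrictive options alone (nosuid, plus noexec and nodev if those are wanted for /proc as well) would state the intent without the contradiction. The field is exactly 15 characters now, so any longer option string will overflow the %-15s column and misalign the line against the header; that is cosmetic, but worth a wider format if options are added.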


--
maks

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
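
A check for the effect of the change proposed above, as an added example that is not part of the original report or of partman-target: it reads an fstab-format file and reports whether the proc entry ends up with nosuid in effect, taking into account that mount options apply left to right. The function name proc_suid_state and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): decide whether the proc entry in
# an fstab-format file ends up with nosuid in effect.
# proc_suid_state is a hypothetical helper name.

# Usage: proc_suid_state FILE  -> prints "nosuid", "suid" or "absent"
proc_suid_state() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }        # skip comments and malformed lines
        $3 == "proc" {
            found = 1
            state = "suid"                  # no option given: set-id bits are honoured
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {      # options apply left to right, last one wins
                if (opt[i] == "nosuid" || opt[i] == "user" || opt[i] == "users" ||
                    opt[i] == "owner" || opt[i] == "group")
                    state = "nosuid"        # user/users/owner/group imply nosuid
                else if (opt[i] == "suid" || opt[i] == "defaults")
                    state = "suid"          # defaults expands to a set that includes suid
            }
        }
        END { print (found ? state : "absent") }
    ' "$1"
}

# Constructed sample: the fstab line as written before and after the patch.
demo=$(mktemp)
printf '%-15s %-15s %-7s %-15s %-7s %s\n' proc /proc proc defaults 0 0 > "$demo"
echo "before patch: $(proc_suid_state "$demo")"
printf '%-15s %-15s %-7s %-15s %-7s %s\n' proc /proc proc defaults,nosuid 0 0 > "$demo"
echo "after patch:  $(proc_suid_state "$demo")"
rm -f "$demo"
```

On an installed system the same function can be pointed at /etc/fstab; it inspects the configuration file only, not the options of the currently mounted /proc.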


