Bug#378984: fstab default /proc entry nosuid
maximilian attems wrote:
> Package: partman-target
> Version: 44
> Severity: normal
> Tags: patch
>
> please apply the patch below,
> to add the /proc line to fstab with nosuid.
>
> rationale:
> setuid and setgid bits have nothing lost in /proc, nice workaround
> for the kernel /proc vulnerability, as suggested in the lwn.net article:
> http://lwn.net/SubscriberLink/191954/dfb24a687f9b032e/
>
>
> Index: finish.d/create_fstab_header
> ===================================================================
> --- finish.d/create_fstab_header (revision 39223)
> +++ finish.d/create_fstab_header (working copy)
> @@ -9,4 +9,4 @@
>
> printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab
>
> -printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> /target/etc/fstab
> +printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 0 >> /target/etc/fstab
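Review bot: the new value `defaults,nosuid` on the `+` line is exactly 15 characters, so it fills the `%-15s` options field with no padding left, and any longer option string will shift the `<dump>` and `<pass>` columns out of line with the header printed just above. If more flags are expected, widen the options field in both printf lines. The script also gets no comment saying why /proc is mounted nosuid; a one-line comment above the printf stating the rationale would keep a later cleanup from reverting it to plain `defaults`.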
Might even become "defaults,nodev,noexec,nosuid" for that matter.
Thiemo
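An added example, not part of the bug report or of partman-target: a POSIX shell check that reports which of the options discussed above (nosuid, nodev, noexec) are not in effect on the /proc entry of an fstab file. The function names `proc_missing_opts` and `audit_line` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Print the hardening options NOT in effect for the /proc entry of the
# fstab file given as $1 (empty line = all three are set).
# Exit status 2 if the file has no /proc entry.
proc_missing_opts() {
    awk '
        $1 ~ /^#/ || $2 != "/proc" { next }
        {
            found = 1
            # Options apply left to right, so "defaults" or a later "suid"
            # undoes an earlier "nosuid". (The implications of mount
            # "user"/"users" are not modelled here.)
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "defaults")
                    on["nosuid"] = on["nodev"] = on["noexec"] = 0
                else if (o[i] ~ /^no(suid|dev|exec)$/)
                    on[o[i]] = 1
                else if (o[i] ~ /^(suid|dev|exec)$/)
                    on["no" o[i]] = 0
            }
            out = ""
            m = split("nosuid nodev noexec", want, " ")
            for (i = 1; i <= m; i++)
                if (!on[want[i]])
                    out = out (out == "" ? "" : " ") want[i]
            print out
            exit
        }
        END { if (!found) exit 2 }
    ' "$1"
}

# Helper: audit a single constructed fstab line via a temporary file.
audit_line() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# <file system> <mount point> <type> <options> <dump> <pass>' \
        "$1" > "$tmp"
    proc_missing_opts "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed samples: the line before the patch, after it, and the
# stricter variant suggested in the reply.
audit_line 'proc /proc proc defaults 0 0'                      # nosuid nodev noexec
audit_line 'proc /proc proc defaults,nosuid 0 0'               # nodev noexec
audit_line 'proc /proc proc defaults,nodev,noexec,nosuid 0 0'  # (empty line)
```

On an installed system the same function can be pointed at `/etc/fstab`; it inspects only the configured line, not the live mount.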