
Bug#378984: fstab default /proc entry nosuid



maximilian attems wrote:
> Package: partman-target
> Version: 44
> Severity: normal
> Tags: patch
> 
> please apply the patch below,
> to add the /proc line to fstab with nosuid.
> 
> rationale:
> setuid and setgid bits have nothing lost in /proc, nice workaround
> for kernel /proc vulnerability, see suggested at the lwn.net article:
> http://lwn.net/SubscriberLink/191954/dfb24a687f9b032e/
> 
> 
> Index: finish.d/create_fstab_header
> ===================================================================
> --- finish.d/create_fstab_header	(revision 39223)
> +++ finish.d/create_fstab_header	(working copy)
> @@ -9,4 +9,4 @@
>  
>  printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab
>  
> -printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> /target/etc/fstab
> +printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 0 >> /target/etc/fstab
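Review bot: on the changed `+` line the options field `defaults,nosuid` is exactly 15 characters, so it fills the `%-15s` column completely; any longer option list will push the `<dump>` and `<pass>` values out of line with the header printed just above. fstab fields are whitespace-separated, so the entry still parses, but if the option list is going to grow, widen the options column in both printf calls at the same time. Keep `nosuid` after `defaults` as written here, since `defaults` implies `suid` and the later option is the one that takes effect.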

Might even become "defaults,nodev,noexec,nosuid" for that matter.


Thiemo


