On Thursday 20 July 2006 13:23, maximilian attems wrote:
> please apply below patch, to add the /proc line to fstab with nosuid.

There was a short discussion about this on IRC.

<fjp> Kamion: What do you think of #378984?
<Kamion> fjp: suspicious of noexec, aren't there symlinks to executables in /proc? dunno what mounting noexec does to those
<Kamion> fjp: nodev and nosuid seem ok I guess
<Kamion> I wonder why the kernel doesn't just default to those
<fjp> Kamion: The question is rather do we want to set such complex options at all in the installer? This seems to work around a kernel vulnerability that has now been solved and may help guard against future security issues.
<fjp> I just don't know if we want the installer to be responsible for that.
<maks> did i miss other parts that set it?
<maks> otherwise it is a really non-intrusive guard
<Kamion> one thing I'd note is that 'mount -t proc proc /proc' is not exactly uncommon in init scripts, and the installer change would be ineffective if scripts did that
<Kamion> although /etc/init.d/mountkernfs seems to get that right - it checks /etc/fstab for mount options
<Kamion> mountkernfs.sh I mean
<fjp> maks: No, it just goes against the basic design principle of the installer to stick to defaults unless there are very pressing reasons not to.
<Kamion> I do sort of feel that init scripts should enforce those mount options instead, and then (a) we fix upgrades as well as fresh installs, (b) we have a way to turn it off if it turns out to be wrong in the future
<ths> Kamion: Symlinks in /proc should simply get dereferenced.
<Kamion> I guess
<Kamion> suppose I should change binfmt-support to add those mount options
<Kamion> so yeah, I think it should be done by init scripts
<Kamion> however, some people still do 'mount /proc'
<Kamion> so we can change the installer as well as a fallback