Bug#378984: fstab default /proc entry nosuid

To: Frans Pop <elendil@planet.nl>
Cc: 378984@bugs.debian.org
Subject: Bug#378984: fstab default /proc entry nosuid
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: Thu, 20 Jul 2006 17:17:29 +0200
Message-id: <[🔎] 87mzb4mhkm.fsf@informatik.uni-tuebingen.de>
Reply-to: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>, 378984@bugs.debian.org
In-reply-to: <[🔎] 200607201546.58354.elendil@planet.nl> (Frans Pop's message of "Thu, 20 Jul 2006 15:46:57 +0200")
References: <[🔎] 20060720112354.27660.14689.reportbug@nancy> <[🔎] 200607201546.58354.elendil@planet.nl>

Frans Pop <elendil@planet.nl> writes:

> On Thursday 20 July 2006 13:23, maximilian attems wrote:
>> please apply belows patch, to add the /proc line to fstab with nosuid.
>
> There was a short discussion about this on IRC.
>
> <fjp> Kamion: What do you think of #378984?
> <Kamion> fjp: suspicious of noexec, aren't there symlinks to executables 
> in /proc? dunno what mounting noexec does to those
> <Kamion> fjp: nodev and nosuid seem ok I guess
> <Kamion> I wonder why the kernel doesn't just default to those
> <fjp> Kamion: The question is rather do we want to set such complex 
> options at all in the installer? This seems to work around a kernel 
> vulnerability that has now been solved and may help guard against future 
> security issues.
> <fjp> I just don't know if we want the installer to be responsible for 
> that.
> <maks> did i miss other parts that set it?
> <maks> otherwise it is a really non-intrusive guard
> <Kamion> one thing I'd note is that 'mount -t proc proc /proc' is not 
> exactly uncommon in init scripts, and the installer change would be 
> ineffective if scripts did that
> <Kamion> although /etc/init.d/mountkernfs seems to get that right - it 
> checks /etc/fstab for mount options
> <Kamion> mountkernfs.sh I mean
> <fjp> maks: No, it just goes against the basic design pronciple of the 
> installer to stick to defaults unless there are very pressing reasons not 
> to.
> <Kamion> I do sort of feel that init scripts should enforce those mount 
> options instead, and then (a) we fix upgrades as well as fresh installs, 
> (b) we have a way to turn it off if it turns out to be wrong in the 
> future
> <ths> Kamion: Symlinks in /proc should simple get dereferenced.
> <Kamion> I guess
> <Kamion> suppose I should change binfmt-support to add those mount options
> <Kamion> so yeah, I think it should be done by init scripts
> <Kamion> however, some people still do 'mount /proc'
> <Kamion> so we can change the installer as well as a fallback

I think 2 things need to be done:

1) change installer so new systems get a good fstab
2) fix fstab on upgrade so old system do too

That fixes both mountkernfs.sh and manual 'mount /proc'.

I don't think the mountkernfs.sh should hardcode those options as that
is less transparent and doesn't work for manual mounts.


The same goes for /sys although someone mentioned that there might be
device nodes in /sys so only nosuid,noexec there.


As to the kernel defaulting to noexec,nosuid,nodev for proc that is a
nice idea. Maybe filesystems should have a black-list of standard mount
options that get always unset. That should probably be brought to the
kernel team and lkml for brainstorming.

MfG
        Goswin

Reply to:

References:
- Bug#378984: fstab default /proc entry nosuid
  - From: maximilian attems <maks@sternwelten.at>
- Bug#378984: fstab default /proc entry nosuid
  - From: Frans Pop <elendil@planet.nl>

Prev by Date: Bug#292966: installation-reports: No /etc/network/interfaces using etch beta 2 installer
Next by Date: Bug#379021: tasksel: New language tasks show up during new installation
Previous by thread: Bug#378984: fstab default /proc entry nosuid
Next by thread: Bug#292966: installation-reports: No /etc/network/interfaces using etch beta 2 installer
Index(es):
- Date
- Thread