Bug#378984: fstab default /proc entry nosuid

Frans Pop <elendil@planet.nl> writes:

> On Thursday 20 July 2006 13:23, maximilian attems wrote:
>> please apply below patch, to add the /proc line to fstab with nosuid.
> There was a short discussion about this on IRC.
> <fjp> Kamion: What do you think of #378984?
> <Kamion> fjp: suspicious of noexec, aren't there symlinks to executables 
> in /proc? dunno what mounting noexec does to those
> <Kamion> fjp: nodev and nosuid seem ok I guess
> <Kamion> I wonder why the kernel doesn't just default to those
> <fjp> Kamion: The question is rather do we want to set such complex 
> options at all in the installer? This seems to work around a kernel 
> vulnerability that has now been solved and may help guard against future 
> security issues.
> <fjp> I just don't know if we want the installer to be responsible for 
> that.
> <maks> did i miss other parts that set it?
> <maks> otherwise it is a really non-intrusive guard
> <Kamion> one thing I'd note is that 'mount -t proc proc /proc' is not 
> exactly uncommon in init scripts, and the installer change would be 
> ineffective if scripts did that
> <Kamion> although /etc/init.d/mountkernfs seems to get that right - it 
> checks /etc/fstab for mount options
> <Kamion> mountkernfs.sh I mean
> <fjp> maks: No, it just goes against the basic design principle of the 
> installer to stick to defaults unless there are very pressing reasons not 
> to.
> <Kamion> I do sort of feel that init scripts should enforce those mount 
> options instead, and then (a) we fix upgrades as well as fresh installs, 
> (b) we have a way to turn it off if it turns out to be wrong in the 
> future
> <ths> Kamion: Symlinks in /proc should simply get dereferenced.
> <Kamion> I guess
> <Kamion> suppose I should change binfmt-support to add those mount options
> <Kamion> so yeah, I think it should be done by init scripts
> <Kamion> however, some people still do 'mount /proc'
> <Kamion> so we can change the installer as well as a fallback

I think 2 things need to be done:

1) change installer so new systems get a good fstab
2) fix fstab on upgrade so old systems do too

That fixes both mountkernfs.sh and manual 'mount /proc'.

I don't think the mountkernfs.sh should hardcode those options as that
is less transparent and doesn't work for manual mounts.

The same goes for /sys although someone mentioned that there might be
device nodes in /sys so only nosuid,noexec there.

As to the kernel defaulting to noexec,nosuid,nodev for proc that is a
nice idea. Maybe filesystems should have a black-list of standard mount
options that get always unset. That should probably be brought to the
kernel team and lkml for brainstorming.
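
An added example, not part of the original message or of any Debian package: a POSIX shell check that audits an fstab-format file against the options discussed in this thread (nosuid,noexec,nodev for proc; nosuid,noexec for sysfs). The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an fstab-format file for the mount options discussed
# in this thread. Policy taken from the thread: proc -> nosuid,noexec,nodev;
# sysfs -> nosuid,noexec (nodev left out because of possible device nodes).

# required_opts FSTYPE: print the options the thread proposes for that type.
required_opts() {
    case "$1" in
        proc)  echo "nosuid noexec nodev" ;;
        sysfs) echo "nosuid noexec" ;;
    esac
}

# missing_opts FSTAB FSTYPE: print the missing options, space separated.
# Prints "no-entry" when the file has no line for that filesystem type,
# the case where a manual 'mount /proc' has no fstab options to pick up.
missing_opts() {
    fstab=$1
    fstype=$2
    # Field 3 is the type, field 4 the comma-separated options; skip comments.
    opts=$(awk -v t="$fstype" '$1 !~ /^#/ && $3 == t { print $4; exit }' "$fstab")
    if [ -z "$opts" ]; then
        echo "no-entry"
        return 0
    fi
    missing=""
    for want in $(required_opts "$fstype"); do
        case ",$opts," in
            *",$want,"*) ;;                              # option present
            *) missing="${missing:+$missing }$want" ;;   # option absent
        esac
    done
    echo "$missing"
}

# Constructed sample fstab (not from a real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
proc            /proc         proc   defaults,nosuid  0 0
/dev/sda1       /             ext3   defaults,errors=remount-ro 0 1
EOF

echo "proc missing:  $(missing_opts "$SAMPLE" proc)"
echo "sysfs missing: $(missing_opts "$SAMPLE" sysfs)"
```

Pointing `missing_opts` at `/etc/fstab` covers both cases raised above, since the same file is consulted by mountkernfs.sh and by a manual 'mount /proc'.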