Bug#378984: fstab default /proc entry nosuid
Frans Pop <email@example.com> writes:
> On Thursday 20 July 2006 13:23, maximilian attems wrote:
>> please apply belows patch, to add the /proc line to fstab with nosuid.
> There was a short discussion about this on IRC.
> <fjp> Kamion: What do you think of #378984?
> <Kamion> fjp: suspicious of noexec, aren't there symlinks to executables
> in /proc? dunno what mounting noexec does to those
> <Kamion> fjp: nodev and nosuid seem ok I guess
> <Kamion> I wonder why the kernel doesn't just default to those
> <fjp> Kamion: The question is rather do we want to set such complex
> options at all in the installer? This seems to work around a kernel
> vulnerability that has now been solved and may help guard against future
> security issues.
> <fjp> I just don't know if we want the installer to be responsible for
> <maks> did i miss other parts that set it?
> <maks> otherwise it is a really non-intrusive guard
> <Kamion> one thing I'd note is that 'mount -t proc proc /proc' is not
> exactly uncommon in init scripts, and the installer change would be
> ineffective if scripts did that
> <Kamion> although /etc/init.d/mountkernfs seems to get that right - it
> checks /etc/fstab for mount options
> <Kamion> mountkernfs.sh I mean
> <fjp> maks: No, it just goes against the basic design pronciple of the
> installer to stick to defaults unless there are very pressing reasons not
> <Kamion> I do sort of feel that init scripts should enforce those mount
> options instead, and then (a) we fix upgrades as well as fresh installs,
> (b) we have a way to turn it off if it turns out to be wrong in the
> <ths> Kamion: Symlinks in /proc should simple get dereferenced.
> <Kamion> I guess
> <Kamion> suppose I should change binfmt-support to add those mount options
> <Kamion> so yeah, I think it should be done by init scripts
> <Kamion> however, some people still do 'mount /proc'
> <Kamion> so we can change the installer as well as a fallback
I think 2 things need to be done:
1) change installer so new systems get a good fstab
2) fix fstab on upgrade so old system do too
That fixes both mountkernfs.sh and manual 'mount /proc'.
I don't think the mountkernfs.sh should hardcode those options as that
is less transparent and doesn't work for manual mounts.
The same goes for /sys although someone mentioned that there might be
device nodes in /sys so only nosuid,noexec there.
As to the kernel defaulting to noexec,nosuid,nodev for proc that is a
nice idea. Maybe filesystems should have a black-list of standard mount
options that get always unset. That should probably be brought to the
kernel team and lkml for brainstorming.