--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: fstab default /proc entry nosuid
- From: maximilian attems <maks@sternwelten.at>
- Date: Thu, 20 Jul 2006 13:23:54 +0200
- Message-id: <20060720112354.27660.14689.reportbug@nancy>
Package: partman-target
Version: 44
Severity: normal
Tags: patch
please apply the patch below,
to add the /proc line to fstab with nosuid.
rationale:
setuid and setgid bits have no business in /proc; nice workaround
for the kernel /proc vulnerability, as suggested in the lwn.net article:
http://lwn.net/SubscriberLink/191954/dfb24a687f9b032e/
Index: finish.d/create_fstab_header
===================================================================
--- finish.d/create_fstab_header (revision 39223)
+++ finish.d/create_fstab_header (working copy)
@@ -9,4 +9,4 @@
printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab
-printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> /target/etc/fstab
+printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 0 >> /target/etc/fstab
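Review bot: the added proc line carries no comment explaining why `nosuid` is set, so a later cleanup of create_fstab_header could drop it as a no-op; a one-line shell comment above this printf naming the /proc setuid workaround would prevent that. `defaults,nosuid` is exactly 15 characters, so it still fits the `%-15s` options column, but adding `nodev` or `noexec` on the same reasoning would overflow it and misalign the row against the header line above. The line is written to /target/etc/fstab, so only newly installed systems pick this up.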
--
maks
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
--- End Message ---
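A check for the mitigation requested in this report, as an added example that is not part of the original message or of partman-target: it reads an fstab-format file (the same field layout as /proc/mounts) and reports every proc entry whose effective options lack nosuid. The function names, the sample file and the `/chroot/proc` entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find proc mounts without nosuid.

# effective_suid OPTIONS -> prints "nosuid" or "suid".
# Options are applied left to right, so the last relevant one wins.
# Per mount(8), user/users/owner/group imply nosuid unless overridden later.
effective_suid() {
    state=suid
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            nosuid|user|users|owner|group) state=nosuid ;;
            suid) state=suid ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$state"
}

# check_proc_nosuid FILE -> lists offending proc entries, returns 1 if any.
check_proc_nosuid() {
    rc=0
    while read -r dev mnt type opts rest; do
        case $dev in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$type" = proc ] || continue
        if [ "$(effective_suid "$opts")" != nosuid ]; then
            printf 'proc mounted without nosuid: %s (%s)\n' "$mnt" "$opts"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample: the fstab line before the patch, plus a hypothetical
# second proc mount that already carries the patched options.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
proc            /chroot/proc    proc    defaults,nosuid 0       0
EOF
check_proc_nosuid "$sample" || true
rm -f "$sample"
```

Pointing `check_proc_nosuid` at /etc/fstab checks the configured state, and pointing it at /proc/mounts checks what is actually mounted.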