
Bug#378984: marked as done (fstab default /proc entry nosuid)

Your message dated Tue, 29 May 2012 12:23:22 -0400
with message-id <20120529162322.GA31919@gnu.kitenet.net>
and subject line closing, noexec etc is the default
has caused the Debian Bug report #378984,
regarding fstab default /proc entry nosuid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

378984: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378984
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: partman-target
Version: 44
Severity: normal
Tags: patch

Please apply the patch below
to add the /proc line to fstab with nosuid.

setuid and setgid bits have no place in /proc; this is a nice workaround
for the kernel /proc vulnerability, as suggested in the lwn.net article:

Index: finish.d/create_fstab_header
--- finish.d/create_fstab_header	(revision 39223)
+++ finish.d/create_fstab_header	(working copy)
@@ -9,4 +9,4 @@
 printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab
-printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> /target/etc/fstab
+printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 0 >> /target/etc/fstab
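
Review bot: on the added line, `defaults,nosuid` is exactly 15 characters, the full width of the `%-15s` options column, so there is no room left for any further option without pushing the dump and pass fields out of line with the header printed by the context line above. If the goal is to keep setuid/setgid out of /proc, the same argument applies to device nodes and executables, so I would expect `nodev` and `noexec` alongside `nosuid`; that needs the options column widened in both printf calls, not only this one. A short comment above the line saying why /proc carries these flags would also help whoever edits this script next.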


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

--- End Message ---
--- Begin Message ---
mountkernfs mounts /proc with the requested options by default,
so d-i does not need to do anything. I have /proc with defaults in
fstab and still get this:

proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)

see shy jo


--- End Message ---
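
The reply's point is that the options written in fstab and the options actually in effect on /proc can differ, so a hardening check has to read the effective mount table. The following is an added example, not part of the original messages or of Debian's scripts: a POSIX shell function (the name `missing_proc_opts` and the sample lines are constructed for illustration) that reports which of nosuid, nodev and noexec are absent from the /proc entry of a table in fstab or /proc/mounts layout.

```shell
#!/bin/sh
# Added example: audit the options recorded for /proc in a mount table.
# /etc/fstab and /proc/mounts share the same six-field layout:
#   <file system> <mount point> <type> <options> <dump> <pass>

REQUIRED="nosuid nodev noexec"   # the flags shown in the reply's mount output

# missing_proc_opts (hypothetical helper): read a mount table on stdin and
# print, comma-separated, the required flags that the last /proc entry lacks.
# Return status: 0 = all present, 1 = some missing, 2 = no /proc entry found.
missing_proc_opts() {
    opts="" found=0
    while read -r fs mp type o rest; do
        case $fs in ''|'#'*) continue ;; esac      # skip blanks and comments
        # A later entry for the same mount point overrides an earlier one.
        [ "$mp" = /proc ] && { opts=$o; found=1; }
    done
    [ "$found" -eq 1 ] || return 2

    missing=""
    for need in $REQUIRED; do
        case ",$opts," in
            *",$need,"*) ;;                         # flag present
            *) missing="${missing:+$missing,}$need" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed samples: the fstab line as the unpatched installer writes it,
# and a /proc/mounts-style line carrying the options quoted in the reply.
FSTAB_SAMPLE='proc /proc proc defaults 0 0'
MOUNTS_SAMPLE='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

printf '%s\n' "$FSTAB_SAMPLE"  | missing_proc_opts || echo "fstab: flags not listed (rc=$?)"
printf '%s\n' "$MOUNTS_SAMPLE" | missing_proc_opts && echo "effective mount: all flags set"
```

On a live system, feed it the effective table with `missing_proc_opts < /proc/mounts`; checking /etc/fstab alone would report a finding that the boot scripts have already addressed.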
