Control: forwarded -1 https://github.com/systemd/systemd/pull/3575
Control: tag -1 upstream confirmed patch

Hey Gabriel,

Gabriel Filion [2016-06-04 23:51 -0400]:
> When using /etc/default/tmpfs on wheezy, if you enabled RAMTMP, the tmpfs would
> get created with options nodev,nosuid. However, using the systemd-provided unit
> does not set those options. So the default way to enable a tmpfs for /tmp is
> now more lax and permits intruders to create devices and possibly suid-set
> executables.

Thanks for pointing this out! I agree that this would be a much better default,
and I only see this breaking corner cases (and then the admin can still tweak
the options by just using /etc/fstab or a tmp.mount.d/*.conf). I sent an
upstream PR for this.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
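
A check for the condition discussed in this thread, as an added example that is not part of the original e-mail or of systemd: it reports which of nodev and nosuid are missing from a mount point listed in a file in /proc/self/mounts format. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount point for the nodev/nosuid options discussed above.
# Input is a file in /proc/self/mounts format: device mountpoint fstype options ...

# missing_mount_opts MOUNTS_FILE MOUNT_POINT OPTION...
# Prints the required options that are absent (space-separated).
# Returns 0 if all are present, 1 if some are missing, 2 if nothing is mounted there.
missing_mount_opts() {
    mounts_file=$1; mount_point=$2; shift 2
    # Keep the last matching entry: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mount_point" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    [ -n "$opts" ] || return 2
    missing=
    for want in "$@"; do
        # Wrap in commas so "suid" cannot match inside "nosuid".
        case ",$opts," in
            *,"$want",*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample mount table (not captured from a real host): /tmp lacks
# nodev and nosuid as in the report, /dev/shm carries both.
write_sample() {
    cat > "$1" <<'EOF'
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
EOF
}

# Demo on the sample; on a live system pass /proc/self/mounts instead.
sample=$(mktemp)
write_sample "$sample"
for mp in /tmp /dev/shm; do
    if miss=$(missing_mount_opts "$sample" "$mp" nodev nosuid); then
        echo "$mp: nodev,nosuid present"
    else
        echo "$mp: missing $miss"
    fi
done
rm -f "$sample"
```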