Package: partman-target
Version: 44
Severity: normal
Tags: patch

Please apply the patch below to add the /proc line to fstab with nosuid.
Rationale: setuid and setgid bits have no business in /proc; this is a nice workaround for the kernel /proc vulnerability, as suggested in the lwn.net article: http://lwn.net/SubscriberLink/191954/dfb24a687f9b032e/

Index: finish.d/create_fstab_header =================================================================== --- finish.d/create_fstab_header (revision 39223) +++ finish.d/create_fstab_header (working copy) @@ -9,4 +9,4 @@ printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab -printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> /target/etc/fstab +printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 0 >> /target/etc/fstab

-- maks

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
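
Review bot: the added `+printf` line sets only `nosuid`, but the stated rationale (nothing under /proc needs setuid or setgid bits) suggests checking whether `nodev` and `noexec` belong in the same options field too. Note that `defaults,nosuid` is exactly 15 characters and fills the `%-15s` options column completely, so any further option will push the dump and pass columns out of alignment with the header line unless the width is raised in both printf calls. A one-line comment above the /proc entry saying why it is mounted nosuid would also help, since the script itself gives no reason for the option.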