maximilian attems wrote: > Package: partman-target > Version: 44 > Severity: normal > Tags: patch > > please apply belows patch, > to add the /proc line to fstab with nosuid. > > rationale: > setuid and setgid bits have nothing lost in /proc, nice workaround > for kernel /proc vulnerability, see suggested at the lwn.net article: > http://lwn.net/SubscriberLink/191954/dfb24a687f9b032e/ > > > Index: finish.d/create_fstab_header > =================================================================== > --- finish.d/create_fstab_header (revision 39223) > +++ finish.d/create_fstab_header (working copy) > @@ -9,4 +9,4 @@ > > printf "%-15s %-15s %-7s %-15s %-7s %s\n" '# <file system>' '<mount point>' > '<type>' '<options>' '<dump>' '<pass>' >> /target/etc/fstab > > -printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults 0 0 >> > /target/etc/fstab > +printf "%-15s %-15s %-7s %-15s %-7s %s\n" proc /proc proc defaults,nosuid 0 > 0 >> /target/etc/fstab
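Review bot: on the `+` line, "defaults,nosuid" is exactly 15 characters and so just fills the `%-15s` options column; any longer list would push the dump and pass fields out of line with the header row printed just above. If more options are ever added to the proc entry, widen the options field in both printf format strings in the same change. The new line also carries no comment saying why nosuid is set on /proc; a one-line comment in create_fstab_header giving the reason from the report would keep the option from being dropped later as redundant. Note that "defaults" implies suid, so the entry relies on the later nosuid overriding it, which works because mount options are applied left to right.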
Might even become "defaults,nodev,noexec,nosuid" for that matter.

Thiemo