Package: udev
Version: 0.105-4
Severity: normal

Reviewing mount options for various real and virtual filesystems, I'm wondering if it might be preferable to set the nosuid and possibly noexec options for udev (obviously it cannot be made nodev ;-). There's a possible concern with mmap() and mprotect() for noexec mounts, but restricting the ability to create suid files may be a positive security measure.

-- Package-specific info:

-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 8
lrwxrwxrwx 1 root root  20 Nov 28 19:02 020_permissions.rules -> ../permissions.rules
lrwxrwxrwx 1 root root  19 Nov 27 19:09 025_libgphoto2.rules -> ../libgphoto2.rules
lrwxrwxrwx 1 root root  16 Apr 10 13:34 025_libsane.rules -> ../libsane.rules
lrwxrwxrwx 1 root root  22 Nov 27 19:09 025_logitechmouse.rules -> ../logitechmouse.rules
lrwxrwxrwx 1 root root  19 Apr 10 13:21 60-libpisock.rules -> ../libpisock9.rules
lrwxrwxrwx 1 root root  17 Nov 27 19:08 thinkpad.rules -> ../thinkpad.rules
lrwxrwxrwx 1 root root  13 Nov 28 19:02 udev.rules -> ../udev.rules
lrwxrwxrwx 1 root root  25 Nov 28 19:02 z20_persistent-input.rules -> ../persistent-input.rules
lrwxrwxrwx 1 root root  19 Nov 28 19:02 z20_persistent.rules -> ../persistent.rules
-rw-r--r-- 1 root root 499 Nov 28 11:26 z25_persistent-cd.rules
-rw-r--r-- 1 root root 384 Nov 28 19:02 z25_persistent-net.rules
lrwxrwxrwx 1 root root  33 Nov 28 19:02 z45_persistent-net-generator.rules -> ../persistent-net-generator.rules
lrwxrwxrwx 1 root root  12 Nov 28 19:02 z50_run.rules -> ../run.rules
lrwxrwxrwx 1 root root  16 Nov 28 19:02 z55_hotplug.rules -> ../hotplug.rules
lrwxrwxrwx 1 root root  19 Dec  3 01:53 z60_alsa-utils.rules -> ../alsa-utils.rules
lrwxrwxrwx 1 root root  15 Nov 27 19:09 z60_hdparm.rules -> ../hdparm.rules
lrwxrwxrwx 1 root root  33 Nov 27 19:08 z60_xserver-xorg-input-wacom.rules -> ../xserver-xorg-input-wacom.rules
lrwxrwxrwx 1 root root  29 Nov 28 19:02 z75_cd-aliases-generator.rules -> ../cd-aliases-generator.rules
lrwxrwxrwx 1 root root  12 Mar 20 14:33 z99_hal.rules -> ../hal.rules

-- /sys/:

-- Kernel configuration:

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (950, 'testing'), (750, 'stable'), (500, 'oldstable'), (400, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages udev depends on:
ii  debconf [debconf-2.0]   1.5.13     Debian configuration management sy
ii  libc6                   2.5-7      GNU C Library: Shared libraries
ii  libselinux1             1.32-3     SELinux shared libraries
ii  libvolume-id0           0.105-4    libvolume_id shared library
ii  lsb-base                3.1-23.1   Linux Standard Base 3.1 init scrip

udev recommends no packages.

-- debconf information:
  udev/new_kernel_needed: false
  udev/reboot_needed:
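
The mount-option review described in the report, as an added example (not part of the original report and not code from the udev package): a parser for /proc/mounts-format text that checks /dev and a few virtual filesystems for the nosuid, noexec and nodev options. The policy table, the function names and the sample mount table are assumptions constructed for illustration.

```python
import re

# Constructed sample in /proc/mounts format (not the reporter's system).
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
udev /dev tmpfs rw,mode=0755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb\\040stick vfat rw,nosuid,nodev,noexec 0 0
"""

# Assumed policy, following the report: nosuid on /dev, noexec only advisory
# (the mmap()/mprotect() concern), and nodev never, since /dev holds device nodes.
POLICY = {
    "/dev": {"require": {"nosuid"}, "advise": {"noexec"}, "forbid": {"nodev"}},
    "/dev/shm": {"require": {"nosuid", "nodev"}, "advise": {"noexec"}, "forbid": set()},
    "/proc": {"require": {"nosuid", "nodev", "noexec"}, "advise": set(), "forbid": set()},
    "/sys": {"require": {"nosuid", "nodev", "noexec"}, "advise": set(), "forbid": set()},
}

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mount point: (source, fstype, set of options)}."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        source, target, fstype, opts = parts[:4]
        # A later line for the same mount point shadows the earlier one.
        mounts[unescape(target)] = (unescape(source), fstype, set(opts.split(",")))
    return mounts

def audit(text, policy=POLICY):
    """Return (mount point, verdict, option) tuples for every policy deviation."""
    findings = []
    mounts = parse_mounts(text)
    for target, rule in policy.items():
        if target not in mounts:
            continue
        opts = mounts[target][2]
        findings += [(target, "missing", o) for o in sorted(rule["require"] - opts)]
        findings += [(target, "consider", o) for o in sorted(rule["advise"] - opts)]
        findings += [(target, "must-not-set", o) for o in sorted(rule["forbid"] & opts)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MOUNTS):
        print(*finding)
```

To audit a live system, pass the contents of /proc/mounts to `audit()` instead of the sample.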