]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e382c49)
units: add nosuid and nodev options to tmp.mount (#3575)
authorMartin Pitt <martin.pitt@ubuntu.com>
Wed, 22 Jun 2016 10:32:59 +0000 (12:32 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 22 Jun 2016 10:32:59 +0000 (12:32 +0200)
This makes privilege escalation attacks harder by putting traps and exploits
into /tmp.

https://bugs.debian.org/826377

units/tmp.mount.m4 patch | blob | blame | history

diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
index 1448bd268a0bb0d5b8c130eb53900118dc836e76..0baecfd22f83120f7b281639306bb46393345e6e 100644 (file)
--- a/units/tmp.mount.m4
+++ b/units/tmp.mount.m4
@@ -19,4 +19,4 @@ After=swap.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime
+Options=mode=1777,strictatime,nosuid,nodev
Unnamed repository; edit this file 'description' to name the repository.