From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Wed, 22 Jun 2016 10:32:59 +0000 (+0200)
Subject: units: add nosuid and nodev options to tmp.mount (#3575)
X-Git-Tag: v231~137
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2f9df7c96a2;p=thirdparty%2Fsystemd.git

units: add nosuid and nodev options to tmp.mount (#3575)

This makes privilege escalation attacks harder by putting traps and exploits
into /tmp.

https://bugs.debian.org/826377
---

diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
index 1448bd268a0..0baecfd22f8 100644
--- a/units/tmp.mount.m4
+++ b/units/tmp.mount.m4
@@ -19,4 +19,4 @@ After=swap.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime
+Options=mode=1777,strictatime,nosuid,nodev