[Pkg-sysvinit-commits] r820 - in sysvinit/trunk/debian: .
initscripts/etc/init.d
Petter Reinholdtsen
pere at costa.debian.org
Tue Sep 5 08:19:28 UTC 2006
Author: pere
Date: 2006-09-05 08:19:27 +0000 (Tue, 05 Sep 2006)
New Revision: 820
Modified:
sysvinit/trunk/debian/changelog
sysvinit/trunk/debian/initscripts/etc/init.d/mountkernfs.sh
Log:
* Mount /dev/shm, /sys, /proc and /proc/bus/usb using
noexec,nodev,nosuid to make it harder to misuse.
(Closes: #378182, #378280)
Modified: sysvinit/trunk/debian/changelog
===================================================================
--- sysvinit/trunk/debian/changelog 2006-08-04 15:55:41 UTC (rev 819)
+++ sysvinit/trunk/debian/changelog 2006-09-05 08:19:27 UTC (rev 820)
@@ -11,8 +11,9 @@
unrecognized value is treated as 'none'. (Closes: #380602)
* Make sure SATA disks are powered down as well as IDE disks. Patch
from Sebastian Reichelt. (Closes: #348172)
- * Mount /dev/shm using noexec,nodev,nosuid to make it harder to
- misuse. (Closes: #378182)
+ * Mount /dev/shm, /sys, /proc and /proc/bus/usb using
+ noexec,nodev,nosuid to make it harder to misuse.
+ (Closes: #378182, #378280)
-- Petter Reinholdtsen <pere at debian.org> Wed, 26 Jul 2006 11:37:23 +0200
Modified: sysvinit/trunk/debian/initscripts/etc/init.d/mountkernfs.sh
===================================================================
--- sysvinit/trunk/debian/initscripts/etc/init.d/mountkernfs.sh 2006-08-04 15:55:41 UTC (rev 819)
+++ sysvinit/trunk/debian/initscripts/etc/init.d/mountkernfs.sh 2006-09-05 08:19:27 UTC (rev 820)
@@ -23,7 +23,7 @@
#
# Mount proc filesystem on /proc
#
- domount proc "" /proc
+ domount proc "" /proc -onodev,noexec,nosuid
#
# Mount sysfs on /sys
@@ -31,7 +31,7 @@
# Only mount sysfs if it is supported (kernel >= 2.6)
if grep -E -qs "sysfs\$" /proc/filesystems
then
- domount sysfs "" /sys
+ domount sysfs "" /sys -onodev,noexec,nosuid
fi
#
@@ -46,7 +46,7 @@
#
if [ -d /proc/bus/usb ]
then
- domount usbfs usbdevfs /proc/bus/usb
+ domount usbfs usbdevfs /proc/bus/usb -onodev,noexec,nosuid
fi
}
More information about the Pkg-sysvinit-commits
mailing list