Hi,

The local root exploit-of-the-week would have been unable to run if our
users' systems had /proc mounted with nosuid and/or noexec.

It would be worthwhile considering making this a default. What are
people's thoughts?

Additional testing of this change would be appreciated (just ensure that
nothing breaks). To do it as a one-off:

# mount -o remount,nosuid,noexec /proc

To make it more permanent, /etc/fstab has:

proc /proc proc defaults 0 0

Change to:

proc /proc proc nosuid,noexec 0 0

Thanks,
Daniel
--
gentoo-dev@g.o mailing list
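
Added example (not part of the original post): a small checker that reports which of nosuid/noexec are missing from the /proc entry in fstab-format text. Because /proc/mounts uses the same column layout as /etc/fstab, the same function covers both the persistent setting and the live mount. The function name `proc_missing_opts` and the third sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the /proc mount options proposed in the post.
# Input columns (fstab and /proc/mounts): device mountpoint fstype options ...

# Reads fstab-format text on stdin and prints the missing options.
# Exit status: 0 = nosuid and noexec both set, 1 = at least one missing,
#              2 = no proc entry for /proc found in the input.
proc_missing_opts() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $2 == "/proc" && $3 == "proc" {
            found = 1
            nosuid = noexec = 0                # last matching entry wins
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "nosuid") nosuid = 1
                if (opt[i] == "noexec") noexec = 1
            }
        }
        END {
            if (!found) exit 2
            out = ""
            if (!nosuid) out = "nosuid"
            if (!noexec) out = (out == "" ? "noexec" : out " noexec")
            if (out != "") { print out; exit 1 }
        }
    '
}

# The two fstab lines from the post, plus a constructed /proc/mounts-style line.
FSTAB_BEFORE='proc /proc proc defaults 0 0'
FSTAB_AFTER='proc /proc proc nosuid,noexec 0 0'
MOUNTS_SAMPLE='proc /proc proc rw,nosuid,nodev,relatime 0 0'   # constructed

for sample in "$FSTAB_BEFORE" "$FSTAB_AFTER" "$MOUNTS_SAMPLE"; do
    if missing=$(printf '%s\n' "$sample" | proc_missing_opts); then
        echo "OK:      $sample"
    else
        echo "MISSING: ${missing:-no /proc entry} <- $sample"
    fi
done
```

To audit a real system, run `proc_missing_opts < /etc/fstab` for the persistent setting and `proc_missing_opts < /proc/mounts` for the live mount.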