run as mode=0755,noexec,nosuid,nodev (security issue).

arekm Tue, 07 Jun 2016 08:12:16 -0700

commit bf207b887d07ba758fc22675d119e7da7ac2941d
Author: Arkadiusz Miśkiewicz <[email protected]>
Date:   Tue Jun 7 17:11:12 2016 +0200


    rel 5; mount /run as mode=0755,noexec,nosuid,nodev (security issue).

 rc-scripts-git.patch | 28 ++++++++++++++++++++++++++++
 rc-scripts.spec      |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)
---
diff --git a/rc-scripts.spec b/rc-scripts.spec
index 45dce34..b1f6b86 100644
--- a/rc-scripts.spec
+++ b/rc-scripts.spec
@@ -9,7 +9,7 @@ Summary(pl.UTF-8):      inittab i skrypty startowe z katalogu 
/etc/rc.d
 Summary(tr.UTF-8):     inittab ve /etc/rc.d dosyaları
 Name:          rc-scripts
 Version:       0.4.15
-Release:       4
+Release:       5
 License:       GPL v2
 Group:         Base
 #Source0:      ftp://distfiles.pld-linux.org/src/%{name}-%{version}.tar.gz
diff --git a/rc-scripts-git.patch b/rc-scripts-git.patch
index 4b9a2f3..c16153b 100644
--- a/rc-scripts-git.patch
+++ b/rc-scripts-git.patch
@@ -30,3 +30,31 @@ index 8d018f7..f9538d2 100644
                pid=$(pidof -o $$ -o $PPID -o %PPID -x "$1")
        fi
  
+commit bf42a4fb7c71c31954499bf9cbce4548305afe80
+Author: Arkadiusz Miśkiewicz <[email protected]>
+Date:   Tue Jun 7 17:09:48 2016 +0200
+
+    Mount /run as mode=0755,noexec,nosuid,nodev.
+
+diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
+index f7f0eea..99bb078 100755
+--- a/rc.d/rc.sysinit
++++ b/rc.d/rc.sysinit
+@@ -409,7 +409,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+       parse_cmdline
+ 
+       if [ -d /run ]; then
+-              is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
++              is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o 
mode=0755,noexec,nosuid,nodev
+       fi
+ 
+       # Early sysctls
+@@ -680,7 +680,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+               mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
+       fi
+       if is_fsmounted tmpfs /run; then
+-              mount -f -t tmpfs run /run 2> /dev/null
++              mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> 
/dev/null
+       fi
+ 
+       if is_fsmounted usbfs /proc/bus/usb; then
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rc-scripts.git/commitdiff/bf207b887d07ba758fc22675d119e7da7ac2941d

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

[packages/rc-scripts] rel 5; mount /run as mode=0755,noexec,nosuid,nodev (security issue).

Reply via email to