Public bug reported:
After reading about a recent root exploit that used the /proc filesystem
and could have been stopped by applying restrictive permissions to the
filesystem, I decided to check my Ubuntu machine.
All the filesystems set up by Ubuntu itself (/dev, /proc, /sys,
/var/run, /var/lock, etc.) are mounted rw by default. This is a
potential security risk that can be fixed by adding a couple of lines to
/etc/fstab!
My fstab reads like this now:
# kernel FS:
proc /proc proc nodev,noexec,nosuid 0 0
sysfs /sys sysfs nodev,noexec,nosuid 0 0
udev /dev tmpfs nosuid 0 0
varrun /var/run tmpfs nodev,noexec,nosuid 0 0
varlock /var/lock tmpfs nodev,noexec,nosuid 0 0
/dev/shm and /dev/pts could probably do with a noexec,nosuid as well,
but I am not sure enough to add those at the moment;-)
The linux-restricted-modules could even be mounted nodev,noexec,nosuid
as well.
You might want to think about adding more restrictive permissions to
user-created filesystems by default as well.
E.g. /home works fine with nosuid and stops users from storing stolen root
shells;-)
All this can be easily done by editing /etc/fstab, but Ubuntu is about
being secure by default, so a user should not need to do that himself
IMHO.
** Affects: debian-installer (Ubuntu)
Importance: Untriaged
Status: Unconfirmed
** Changed in: Ubuntu
Sourcepackagename: None => debian-installer
--
mountpoints with insecure permissions
https://launchpad.net/bugs/54530
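
Added example, not part of the original report: a Python check of a mount table in /proc/mounts format against the options in the fstab lines above, plus the nosuid suggestion for /home. The POLICY table, the audit_mounts name and the sample mount table are constructed for illustration.

```python
"""Audit mount options against the restrictions proposed in the report."""
import sys

# Expected options per mountpoint, taken from the fstab lines in the report
# (plus the nosuid suggestion for /home). Assumed policy, adjust as needed.
POLICY = {
    "/proc": {"nodev", "noexec", "nosuid"},
    "/sys": {"nodev", "noexec", "nosuid"},
    "/dev": {"nosuid"},
    "/var/run": {"nodev", "noexec", "nosuid"},
    "/var/lock": {"nodev", "noexec", "nosuid"},
    "/home": {"nosuid"},
}

# Constructed sample in /proc/mounts format: device mountpoint type options dump pass
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw 0 0
udev /dev tmpfs rw,nosuid 0 0
varrun /var/run tmpfs rw,nosuid,nodev 0 0
varlock /var/lock tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda1 / ext3 rw 0 0
"""


def audit_mounts(mounts_text, policy=POLICY):
    """Return {mountpoint: sorted missing options}; None means not mounted separately."""
    active = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # A later entry for the same mountpoint is mounted on top of the earlier one, so it wins.
        active[fields[1]] = set(fields[3].split(","))
    findings = {}
    for mountpoint, required in policy.items():
        if mountpoint not in active:
            findings[mountpoint] = None  # options are inherited from the parent filesystem
        elif required - active[mountpoint]:
            findings[mountpoint] = sorted(required - active[mountpoint])
    return findings


if __name__ == "__main__":
    # Pass a file such as /proc/mounts as the first argument; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for mp, missing in sorted(audit_mounts(text).items()):
        print(mp, "not a separate mount" if missing is None else "missing " + ",".join(missing))
```

A mountpoint reported as "not a separate mount" (here /home) takes its options from the filesystem that contains it, so nosuid cannot be applied to it alone.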