Re: [PATCH v2] devtmpfs: mount with noexec and nosuid

From: Kees Cook
Date: Tue Nov 20 2012 - 19:18:23 EST

Next message: Alan Cox: "Re: [PATCH v2] devtmpfs: mount with noexec and nosuid"
Previous message: Kees Cook: "Re: [PATCH v3] devtmpfs: mount with noexec and nosuid"
In reply to: Kay Sievers: "Re: [PATCH v2] devtmpfs: mount with noexec and nosuid"
Next in thread: Alan Cox: "Re: [PATCH v2] devtmpfs: mount with noexec and nosuid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 20, 2012 at 4:13 PM, Kay Sievers <kay@xxxxxxxx> wrote:
> On Tue, Nov 20, 2012 at 9:42 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> Since devtmpfs is writable, make the default noexec,nosuid as well. This
>> protects from the case of a privileged process having an arbitrary file
>> write flaw and an argumentless arbitrary execution (i.e. it would lack
>> the ability to run "mount -o remount,exec,suid /dev").
>
> This only really applies to systems without an initramfs when the
> kernel mounts /dev over the rootfs it has mounted; with an initramfs,
> /dev is always mounted by user code.
>
> Just checking, that is the use case you are doing that for?

Correct. We're using this in Chrome OS, which does not use an initramfs.

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH v2] devtmpfs: mount with noexec and nosuid"
Previous message: Kees Cook: "Re: [PATCH v3] devtmpfs: mount with noexec and nosuid"
In reply to: Kay Sievers: "Re: [PATCH v2] devtmpfs: mount with noexec and nosuid"
Next in thread: Alan Cox: "Re: [PATCH v2] devtmpfs: mount with noexec and nosuid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]