mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-13 22:25:03 +00:00
28f0c335dd
devtmpfs is writable. Add noexec and nosuid as default mount flags to prevent code execution from /dev. The systems that don't use systemd and rely on CONFIG_DEVTMPFS_MOUNT=y are the ones to be protected by this patch. Other systems are fine with the udev solution.

No sane program should be relying on executing from /dev. So this patch reduces the attack surface. It doesn't prevent any specific attack, but it reduces the possibility that someone can use /dev as a place to put executable code.

Chrome OS has been carrying this patch for several years. It seems a trivial and simple solution to improve the protection of /dev when CONFIG_DEVTMPFS_MOUNT=y.

Original patch: https://lore.kernel.org/lkml/20121120215059.GA1859@www.outflux.net/

Cc: ellyjones@chromium.org
Cc: Kay Sievers <kay@vrfy.org>
Cc: Roland Eggner <edvx1@systemanalysen.net>
Co-developed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/r/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
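The commit above changes the default mount flags of the kernel-mounted devtmpfs. Whether a given machine actually got that protection depends on the kernel version, on CONFIG_DEVTMPFS_MOUNT, and on whether userspace (udev/systemd) remounted /dev with its own options, so a practitioner wants a check against the live mount table rather than an assumption. The script below is an added example and is not part of the kernel patch or the kernel tree: it parses lines in /proc/self/mounts format, locates the devtmpfs entry for a mount point, and reports whether both noexec and nosuid are present. The embedded mount lines are constructed for the example, not captured from a real system; the function names and the "hardened"/"missing:..." output format are choices made here.

```shell
#!/bin/sh
# Added example (not from the kernel patch): verify that a devtmpfs mount
# carries the noexec and nosuid options. Input is /proc/self/mounts format:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>

# Constructed sample (not captured from a real machine). The first entry is
# what the patch produces by default; the third is an unhardened devtmpfs.
SAMPLE_MOUNTS='devtmpfs /dev devtmpfs rw,nosuid,noexec,relatime,size=1024k,nr_inodes=4096,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,nodev,size=2048k 0 0
devtmpfs /mnt/olddev devtmpfs rw,relatime,size=1024k,mode=755 0 0'

# dev_mount_opts CONTENT MOUNTPOINT
# Prints the option field of the devtmpfs entry mounted at MOUNTPOINT,
# or nothing if no devtmpfs is mounted there.
dev_mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp && $3 == "devtmpfs" { print $4; exit }'
}

# has_opt OPTS NAME
# Succeeds only if NAME is a whole comma-separated option (so "noexec"
# does not match inside some other token).
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_dev_hardened CONTENT MOUNTPOINT
# Prints "hardened" (exit 0), "missing:<opt>[,<opt>]" (exit 1) or
# "not-devtmpfs" (exit 2) for the devtmpfs mounted at MOUNTPOINT.
check_dev_hardened() {
    opts=$(dev_mount_opts "$1" "$2")
    [ -n "$opts" ] || { echo "not-devtmpfs"; return 2; }
    missing=""
    for want in noexec nosuid; do
        has_opt "$opts" "$want" || missing="$missing$want,"
    done
    if [ -z "$missing" ]; then
        echo "hardened"
        return 0
    fi
    echo "missing:${missing%,}"
    return 1
}

# Stand-alone run: the constructed sample, then the live system if readable.
# "|| :" keeps a failing check from aborting a "set -e" shell.
check_dev_hardened "$SAMPLE_MOUNTS" /dev || :
check_dev_hardened "$SAMPLE_MOUNTS" /mnt/olddev || :
if [ -r /proc/self/mounts ]; then
    check_dev_hardened "$(cat /proc/self/mounts)" /dev || :
fi
```

On a live system a "missing:" result for /dev does not by itself mean the kernel lacks the patch: udev or an init script may have remounted /dev with its own flags, which is exactly the case the commit message says is already covered by userspace. A "not-devtmpfs" result means something other than devtmpfs is mounted there and the check should be re-run against whatever filesystem that is.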
firmware_loader/
power/
regmap/
test/
arch_numa.c
arch_topology.c
attribute_container.c
auxiliary.c
base.h
bus.c
cacheinfo.c
class.c
component.c
container.c
core.c
cpu.c
dd.c
devcoredump.c
devres.c
devtmpfs.c
driver.c
firmware.c
hypervisor.c
init.c
isa.c
Kconfig
Makefile
map.c
memory.c
module.c
node.c
pinctrl.c
platform-msi.c
platform.c
property.c
soc.c
swnode.c
syscore.c
topology.c
trace.c
trace.h
transport_class.c