From bf207b887d07ba758fc22675d119e7da7ac2941d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?=
Date: Tue, 7 Jun 2016 17:11:12 +0200
Subject: [PATCH] rel 5; mount /run as mode=0755,noexec,nosuid,nodev (security issue).
---
 rc-scripts-git.patch | 28 ++++++++++++++++++++++++++++
 rc-scripts.spec | 2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/rc-scripts-git.patch b/rc-scripts-git.patch
index 4b9a2f3..c16153b 100644
--- a/rc-scripts-git.patch
+++ b/rc-scripts-git.patch
@@ -30,3 +30,31 @@ index 8d018f7..f9538d2 100644
 pid=$(pidof -o $$ -o $PPID -o %PPID -x "$1")
 fi
+commit bf42a4fb7c71c31954499bf9cbce4548305afe80
+Author: Arkadiusz Miśkiewicz
+Date: Tue Jun 7 17:09:48 2016 +0200
+
+ Mount /run as mode=0755,noexec,nosuid,nodev.
+
+diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
+index f7f0eea..99bb078 100755
+--- a/rc.d/rc.sysinit
++++ b/rc.d/rc.sysinit
+@@ -409,7 +409,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+ parse_cmdline
+
+ if [ -d /run ]; then
+- is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
++ is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
+ fi
+
+ # Early sysctls
+@@ -680,7 +680,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+ mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
+ fi
+ if is_fsmounted tmpfs /run; then
+- mount -f -t tmpfs run /run 2> /dev/null
++ mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
+ fi
+
+ if is_fsmounted usbfs /proc/bus/usb; then
diff --git a/rc-scripts.spec b/rc-scripts.spec
index 45dce34..b1f6b86 100644
--- a/rc-scripts.spec
+++ b/rc-scripts.spec
@@ -9,7 +9,7 @@ Summary(pl.UTF-8): inittab i skrypty startowe z katalogu /etc/rc.d
 Summary(tr.UTF-8): inittab ve /etc/rc.d dosyaları
 Name: rc-scripts
 Version: 0.4.15
-Release: 4
+Release: 5
 License: GPL v2
 Group: Base
 #Source0: ftp://distfiles.pld-linux.org/src/%{name}-%{version}.tar.gz
--
2.44.0
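Review bot: When /run is already a tmpfs at this point (for example mounted earlier by an initramfs, which is not visible here), the `is_fsmounted tmpfs /run ||` guard in the inner `@@ -409` hunk skips the mount entirely, so noexec, nosuid and nodev are never applied to the live filesystem. The inner `@@ -680` hunk then runs `mount -f`, which only records the entry in mtab, so the table would list the hardened options even though the kernel mount may lack them. Consider handling the already-mounted case explicitly, e.g. `is_fsmounted tmpfs /run && mount -n -o remount,noexec,nosuid,nodev /run`, and checking the effective flags against /proc/mounts rather than mtab. Both changed lines sit inside the `if ! is_yes "$VSERVER"` block, which starts and ends outside the hunks.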