Bug 199041

Summary: Mount /proc with nosuid,noexec flags by defaulf
Product: [Fedora] Fedora Reporter: Dawid Gajownik <gajownik>
Component: mkinitrdAssignee: Peter Jones <pjones>
Status: CLOSED UPSTREAM QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: davej, notting
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-26 04:06:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dawid Gajownik 2006-07-16 11:42:57 UTC 
Description of problem:
Maybe /proc should be mounted by default with noexec,nosuid flags? This can
increase security in some way.

Steps to Reproduce:
1. grep proc /etc/fstab

Additional info:
http://thread.gmane.org/gmane.linux.gentoo.devel/40511/focus=40511
http://lwn.net/Articles/191531/
Comment 1 Bill Nottingham 2006-07-17 13:49:58 UTC 
The initramfs mounts proc. Of course, if this is that important, why not just
set it that way *in the kernel*?
Comment 2 Dave Jones 2006-07-26 04:06:00 UTC 
The linux-2.6-defaults-* patches are really starting to pile up.
If you feel strongly about this issue, argue it upstream in
http://bugzilla.kernel.org or linux-kernel.org