Bug 1142055 - /tmp mount not nodev,nosuid by default
Status: CONFIRMED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: YaST2
Version: Current
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Assigned To: YaST Team
Jiri Srain
https://trello.com/c/7g7HUGpV
Reported: 2019-07-18 14:29 UTC by Fabian Vogt
Modified: 2019-07-19 08:38 UTC
Description Fabian Vogt 2019-07-18 14:29:26 UTC
I noticed that in a default install, the @/tmp subvolume mounted at /tmp does not have the nodev,nosuid options set by default.

This is recommended by most security guides and, except in very rare cases, has no downsides.

Using the tmp.mount unit from systemd (which uses tmpfs), those flags are set.
Comment 1 José Iván López González 2019-07-19 08:38:36 UTC
Hi Fabian,

Thanks for reporting. Yes, right now we have no way to specify such options for each Btrfs subvolume. We have plans to improve it; this is something on our radar. We will track this card to take it into account. Thanks!
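
A check for the condition described in the report, as an added example that is not part of the original bug report or its comments: it reads /proc/mounts-format lines and lists which of nodev and nosuid a mount point lacks. The function name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which hardening options a mount point lacks.
# Input on stdin is in /proc/mounts format:
#   device mountpoint fstype options dump pass
# On a live system: missing_mount_opts /tmp < /proc/mounts

# missing_mount_opts MOUNTPOINT [REQUIRED]   (hypothetical helper name)
#   Prints the comma-separated REQUIRED options (default nodev,nosuid) that
#   are absent from MOUNTPOINT's options. Prints an empty line when none are
#   missing. Returns 2 when MOUNTPOINT is not a mount point in the input.
missing_mount_opts() {
    awk -v mp="$1" -v req="${2:-nodev,nosuid}" '
        # Mounts can be stacked; the last entry for a path is the visible one.
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) exit 2
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) present[have[i]] = 1
            m = split(req, want, ",")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in present))
                    out = (out == "" ? "" : out ",") want[i]
            print out
        }'
}

# Constructed sample lines (not captured from a real system):
# a Btrfs @/tmp subvolume without the flags, and a tmpfs /tmp with them.
BTRFS_TMP='/dev/sda2 / btrfs rw,relatime,subvol=/@/.snapshots/1/snapshot 0 0
/dev/sda2 /tmp btrfs rw,relatime,subvol=/@/tmp 0 0'
TMPFS_TMP='tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

for sample in "$BTRFS_TMP" "$TMPFS_TMP"; do
    missing=$(printf '%s\n' "$sample" | missing_mount_opts /tmp)
    if [ -n "$missing" ]; then
        echo "/tmp is missing: $missing"
    else
        echo "/tmp has nodev,nosuid"
    fi
done
```

A return code of 2 means /tmp is not a separate mount in the input, in which case it inherits the options of the filesystem that contains it.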