Bug 1142055 – /tmp mount not nodev,nosuid by default

Bug 1142055 - /tmp mount not nodev,nosuid by default


Summary:	/tmp mount not nodev,nosuid by default

Status:	CONFIRMED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	YaST2
Version:	Current
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assigned To:	YaST Team
QA Contact:	Jiri Srain

URL:	https://trello.com/c/7g7HUGpV
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-07-18 14:29 UTC by Fabian Vogt
Modified:	2019-07-19 08:38 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Fabian Vogt 2019-07-18 14:29:26 UTC

I noticed that in a default install, the @/tmp subvolume mounted at /tmp does not have the nodev,nosuid options set by default.

This is recommended by most security guides and except in very rare cases without any downsides.

Using tmp.mount unit from systemd (which uses tmpfs), those flags are set.

Comment 1 José Iván López González 2019-07-19 08:38:36 UTC

Hi Fabian,

Thanks for reporting. Yes, right now we have no way to specify such options for each Btrfs subvolume. We have plans to improve it, this is something under our radar. We will track this card to take it into account. Thanks!