Bug 1142055 - /tmp mount not nodev,nosuid by default
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: YaST2
Priority: P5 - None, Severity: Normal
Assigned To: YaST Team
Jiri Srain
Reported: 2019-07-18 14:29 UTC by Fabian Vogt
Modified: 2019-07-19 08:38 UTC
Description Fabian Vogt 2019-07-18 14:29:26 UTC
I noticed that in a default install, the @/tmp subvolume mounted at /tmp does not have the nodev,nosuid options set by default.

This is recommended by most security guides and, except in very rare cases, is without any downsides.

Using the tmp.mount unit from systemd (which uses tmpfs), those flags are set.
Comment 1 José Iván López González 2019-07-19 08:38:36 UTC
Hi Fabian,

Thanks for reporting. Yes, right now we have no way to specify such options for each Btrfs subvolume. We have plans to improve it, this is something under our radar. We will track this card to take it into account. Thanks!
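
A way to check a system for the condition reported in the description, as an added example that is not part of the bug report or of YaST. The helper `missing_opts` is a hypothetical name; it reads a table in `/proc/self/mounts` format and lists which of `nodev` and `nosuid` are absent for a mount point. Both sample tables are constructed.

```shell
#!/bin/sh
# Added example: report hardening options missing on a mount point.
# Table format (/proc/self/mounts): device mountpoint fstype options dump pass

# missing_opts MOUNTPOINT [TABLE]
#   TABLE defaults to /proc/self/mounts; "-" reads the table from stdin.
#   Prints the missing options separated by spaces (empty line if none),
#   or "unmounted" when MOUNTPOINT is not a mount of its own.
missing_opts() {
    awk -v mp="$1" -v req="nodev nosuid" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins: it is the visible mount
        END {
            if (!found) { print "unmounted"; exit }
            n = split(req, want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                # compare whole comma-delimited options, not substrings
                if (index("," opts ",", "," want[i] ",") == 0)
                    out = out (out != "" ? " " : "") want[i]
            print out
        }' "${2:-/proc/self/mounts}"
}

# Constructed sample: Btrfs @/tmp subvolume mounted without the flags.
sample_btrfs() {
    printf '%s\n' \
      '/dev/sda2 / btrfs rw,relatime,space_cache,subvolid=267,subvol=/@/.snapshots/1/snapshot 0 0' \
      '/dev/sda2 /tmp btrfs rw,relatime,space_cache,subvolid=263,subvol=/@/tmp 0 0'
}

# Constructed sample: /tmp provided by a tmpfs mount with both flags set.
sample_tmpfs() {
    printf '%s\n' 'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
}

echo "btrfs @/tmp subvolume: missing [$(sample_btrfs | missing_opts /tmp -)]"
echo "tmpfs /tmp:            missing [$(sample_tmpfs | missing_opts /tmp -)]"
# On a live system: missing_opts /tmp
```
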