[packages/rc-scripts] rel 5; mount /run as mode=0755,noexec,nosuid,nodev (security issue).

arekm arekm at pld-linux.org
Tue Jun 7 17:11:20 CEST 2016 

commit bf207b887d07ba758fc22675d119e7da7ac2941d
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Tue Jun 7 17:11:12 2016 +0200

    rel 5; mount /run as mode=0755,noexec,nosuid,nodev (security issue).

 rc-scripts-git.patch | 28 ++++++++++++++++++++++++++++
 rc-scripts.spec      |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)
---
diff --git a/rc-scripts.spec b/rc-scripts.spec
index 45dce34..b1f6b86 100644
--- a/rc-scripts.spec
+++ b/rc-scripts.spec
@@ -9,7 +9,7 @@ Summary(pl.UTF-8):	inittab i skrypty startowe z katalogu /etc/rc.d
 Summary(tr.UTF-8):	inittab ve /etc/rc.d dosyaları
 Name:		rc-scripts
 Version:	0.4.15
-Release:	4
+Release:	5
 License:	GPL v2
 Group:		Base
 #Source0:	ftp://distfiles.pld-linux.org/src/%{name}-%{version}.tar.gz
diff --git a/rc-scripts-git.patch b/rc-scripts-git.patch
index 4b9a2f3..c16153b 100644
--- a/rc-scripts-git.patch
+++ b/rc-scripts-git.patch
@@ -30,3 +30,31 @@ index 8d018f7..f9538d2 100644
  		pid=$(pidof -o $$ -o $PPID -o %PPID -x "$1")
  	fi
  
+commit bf42a4fb7c71c31954499bf9cbce4548305afe80
+Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
+Date:   Tue Jun 7 17:09:48 2016 +0200
+
+    Mount /run as mode=0755,noexec,nosuid,nodev.
+
+diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
+index f7f0eea..99bb078 100755
+--- a/rc.d/rc.sysinit
++++ b/rc.d/rc.sysinit
+@@ -409,7 +409,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+ 	parse_cmdline
+ 
+ 	if [ -d /run ]; then
+-		is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
++		is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
+ 	fi
+ 
+ 	# Early sysctls
+@@ -680,7 +680,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+ 		mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
+ 	fi
+ 	if is_fsmounted tmpfs /run; then
+-		mount -f -t tmpfs run /run 2> /dev/null
++		mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
+ 	fi
+ 
+ 	if is_fsmounted usbfs /proc/bus/usb; then
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rc-scripts.git/commitdiff/bf207b887d07ba758fc22675d119e7da7ac2941d

More information about the pld-cvs-commit mailing list