[linux-elitists] mount options frenzy!

Karsten M. Self kmself@ix.netcom.com
Thu Mar 29 20:36:22 PST 2001


on Thu, Mar 29, 2001 at 12:36:19PM -0800, Don Marti (dmarti@zgp.org) wrote:
> If you read Linux documentation or articles, as I think you do, you
> occasionally come across a tip such as "Mount /home nosuid" or "mount
> the web tree noatime" or "mount /usr read-only"
> 
> Well, it's time for the elitists of the world to go through our fstabs
> and say what we're mounting how, so that I can create the Canonical
> Mount Options Chart to educate those less elite than ourselves. 
> 
> Any comments on the usefulness security-wise of making everything except
> / and /usr nosuid,nodev?  And of copious use of noexec?

Desktop:

# <file system>	<mount point>	<type>	<options>		 <dump>	<pass>
/dev/hda3	/		ext2 defaults,errors=remount-ro   	0 1
/dev/hda6 	/tmp 		ext2 defaults,nosuid,nodev 		0 2
/dev/sda7 	/var 		ext2 defaults,nosuid,nodev		0 2
/dev/hda5 	/var/spool/news ext2 defaults,nosuid,noexec,nodev 	0 2
/dev/sdb2 	/usr 		ext2 defaults,rw,nodev 			0 2
/dev/sda5 	/usr/local 	ext2 defaults,rw,nosuid,nodev 		0 2
/dev/hda7 	/usr/local/data	ext2 defaults,nosuid,nodev		2 2 
/dev/hda2 	/home 		ext2 defaults,nosuid,nodev		0 2

/dev/hdc 	/mnt/cdrom 	iso9660 noauto,user,ro,nodev,nosuid	2 2
/dev/fd0 	/mnt/floppy 	auto noauto,gid=disk,umask=007,rw,user 	2 2
/dev/hda1 	/mnt/dos    vfat auto,user,nosuid,nodev,gid=6,umask=002 2 2 

Laptop:

# <file system>	<mount point>	<type>	<options>		   <dump> <pass>
/dev/hda3	/	       reiserfs defaults			0 0
/dev/hda1	/boot		ext2	ro,nosuid,nodev			0 2
/dev/hda5 	/tmp 	       reiserfs	rw,nosuid,nodev			0 2
/dev/hda6 	/var 	       reiserfs	rw,nosuid,nodev			0 2
/dev/hda7 	/usr 	       reiserfs	rw,nodev			0 2
/dev/hda8 	/usr/local     reiserfs	rw,nosuid,nodev			0 2
/dev/hda10 	/home 	       reiserfs	rw,nosuid,nodev			0 2
/dev/fd0	/mnt/floppy	auto	defaults,user,noauto		0 0
/dev/cdrom	/mnt/cdrom	iso9660	defaults,ro,user,noauto		0 0


A few notes.

  - 'user' makes nosuid, nodev, noexec redundant, so I can simplify CDR
    and floppy above.

  - I'd commented that making /tmp noexec could be problematic on
    Bugtraq a ways back, and got mildly flamed for this.  I'm now mostly
    convinced I was wrong.

  - Making filesystems noexec has limited practical effect, for someone
    who's smarter (or has a better memory) than me.  There's a trick,
    with the linker, I believe, which can be used to execute a nominally
    non-executable file.  Scripts can be sourced.  Etc.  There's
    probably some protection (most script kiddies are dumb, and many
    scriptwriters probably are), but you only need the smart one to
    write a good exploit.

  - For you Debian types, it's possible to add an option to your
    apt configuration to remount writable and readonly a partition when
    doing upgrades.  Note, however, that remounting partitions to change
    options can happen on your system at any time.  Protections offered
    are, again, limited, if you have a root-level exploit elsewhere.

Cheers.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010329/4dc02898/attachment.pgp 


More information about the linux-elitists mailing list