From 2b7aeedb4a543d0a43a35918999338097d13bb16 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 25 Dec 2023 09:44:51 -0500 Subject: [PATCH] mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and nodev,nosuid,noexec as per: https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html https://github.com/Kicksecure/security-misc/issues/157 --- usr/share/doc/security-misc/fstab-vm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/share/doc/security-misc/fstab-vm b/usr/share/doc/security-misc/fstab-vm index ef56409..cbd240c 100644 --- a/usr/share/doc/security-misc/fstab-vm +++ b/usr/share/doc/security-misc/fstab-vm @@ -9,7 +9,8 @@ proc /proc pr ## noexec optional /dev/shm /dev/shm tmpfs nosuid,nodev,noexec 0 0 -/dev/cdrom /mnt/cdrom0 iso9660 ro,user,noauto 0 0 +## https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html +/dev/cdrom /mnt/cdrom iso9660 ro,users,nodev,nosuid,noexec 0 0 /boot /boot none bind,remount,nosuid,nodev,noexec 0 0