remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)

https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
Patrick Schleizer 2019-12-06 05:14:02 -05:00
parent 8cf5ed990a
commit 470cad6e91
GPG key ID: CB8D50BB77BB3C48
3 changed files with 105 additions and 0 deletions
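The remount logic the commit message describes (nosuid,nodev by default, noexec added when /etc/noexec exists, nothing touched when /etc/remount-disable exists), written out as an added shell example for this page. It is not the project's /usr/lib/security-misc/remount-secure script. The flag-file paths and the mount point list are taken from the commit message; the environment overrides (REMOUNT_DISABLE_FILE, NOEXEC_FILE, MOUNT_CMD), the function names and the findmnt-based post-check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not security-misc's own remount-secure script.
# Remount a fixed list of user-writable filesystems with nosuid,nodev and,
# when the administrator has opted in, noexec.

# Flag files as named in the commit message. They can be overridden through
# the environment so the logic can be exercised without touching /etc
# (assumed knobs, not part of the project).
: "${REMOUNT_DISABLE_FILE:=/etc/remount-disable}"
: "${NOEXEC_FILE:=/etc/noexec}"
: "${MOUNT_CMD:=mount}"

# Mount points named in the commit message; each is remounted on its own.
MOUNTPOINTS="/home /tmp /dev/shm /run"

# Print the option string to apply. Prints nothing and returns 1 when the
# kill-switch file exists, so callers can distinguish "disabled" from "default".
remount_options() {
    if [ -e "$REMOUNT_DISABLE_FILE" ]; then
        return 1
    fi
    opts="nosuid,nodev"
    if [ -e "$NOEXEC_FILE" ]; then
        opts="$opts,noexec"
    fi
    printf '%s\n' "$opts"
}

# Return 0 when every option in the comma-separated list $2 appears in the
# comma-separated option list $1 (the format `findmnt -no OPTIONS <mp>` prints).
has_all_options() {
    current=",$1,"
    rc=0
    old_ifs=$IFS
    IFS=','
    for o in $2; do
        case "$current" in
            *",$o,"*) ;;
            *) rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return "$rc"
}

# Remount one mount point. Directories that are not mount points are skipped:
# remounting them would fail, and a missing /dev/shm is not an error here.
remount_one() {
    mp="$1"
    opts="$2"
    if ! mountpoint -q "$mp"; then
        echo "skip $mp: not a mount point" >&2
        return 0
    fi
    "$MOUNT_CMD" -o "remount,$opts" "$mp"
}

# Confirm the kernel now reports the options; mount(8) merging fstab/mountinfo
# options on a bare remount is easy to get wrong, so check rather than assume.
verify_mount() {
    mp="$1"
    opts="$2"
    current="$(findmnt -no OPTIONS "$mp")" || return 1
    has_all_options "$current" "$opts"
}

remount_all() {
    if ! opts="$(remount_options)"; then
        echo "remount disabled by $REMOUNT_DISABLE_FILE" >&2
        return 0
    fi
    for mp in $MOUNTPOINTS; do
        remount_one "$mp" "$opts" || return 1
        if mountpoint -q "$mp" && ! verify_mount "$mp" "$opts"; then
            echo "$mp does not carry $opts after remount" >&2
            return 1
        fi
    done
}

# Only act when executed as a script under this name (assumed), so the
# functions can be sourced and tested without root.
case "${0##*/}" in
    remount-secure-example) remount_all ;;
esac
```

The post-check matters because a remount with only `-o remount,<opts>` lets mount(8) merge options from fstab or mountinfo, and because the opt-in file is consulted only at boot or when the service runs. Note what noexec does and does not buy: it blocks execve of files on that mount and PROT_EXEC mappings of them, but `sh /tmp/x.sh` or `python3 /home/user/x.py` still run, because the interpreter, not the file, is what gets executed.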

debian/control

@ -135,6 +135,12 @@ Description: enhances misc security settings
* p8022 - IEEE 802.2
.
user restrictions:
.
* remount /home, /tmp, /dev/shm and /run with nosuid,nodev (default) and
noexec (opt-in). To disable this, run "sudo touch /etc/remount-disable". To
opt-in noexec, run "sudo touch /etc/noexec" and reboot (easiest).
/lib/systemd/system/remount-secure.service
/usr/lib/security-misc/remount-secure
.
* A systemd service mounts /proc with hidepid=2 at boot to prevent users from
seeing each other's processes.
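Review bot: The new description (lines "remount /home, /tmp, /dev/shm and /run ..." through "/usr/lib/security-misc/remount-secure") tells users how to opt in to noexec but not what it will cost them: anything executed directly from /home or /tmp (user scripts, downloaded binaries, builds that run test executables out of /tmp) stops working, and that is the first thing an opting-in user will hit, so a one-line warning belongs next to "sudo touch /etc/noexec". Two smaller points in the same lines: "To opt-in noexec" should read "To opt in to noexec", and "and reboot (easiest)" implies a non-reboot alternative without naming it, so either name it (restarting the listed remount-secure.service, if that is what is meant) or drop the parenthetical; for symmetry, say whether "sudo touch /etc/remount-disable" also takes effect only after a reboot.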