This commit is contained in:
Patrick Schleizer 2023-10-22 15:44:30 -04:00
parent 316282952f
commit a88c0a3ad2
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48


@ -147,14 +147,14 @@ _boot() {
mount_folder="$NEWROOT/boot" mount_folder="$NEWROOT/boot"
## https://lists.freedesktop.org/archives/systemd-devel/2015-February/028456.html ## https://lists.freedesktop.org/archives/systemd-devel/2015-February/028456.html
intended_mount_options="nosuid,nodev,noexec" intended_mount_options="nosuid,nodev,noexec"
remount_secure "$@" remount_secure
} }
_run() { _run() {
mount_folder="/run" mount_folder="/run"
## https://lists.freedesktop.org/archives/systemd-devel/2015-February/028456.html ## https://lists.freedesktop.org/archives/systemd-devel/2015-February/028456.html
intended_mount_options="nosuid,nodev${noexec_maybe}" intended_mount_options="nosuid,nodev${noexec_maybe}"
remount_secure "$@" remount_secure
} }
_dev() { _dev() {
@ -162,19 +162,19 @@ _dev() {
## /dev should be nosuid,noexec as per: ## /dev should be nosuid,noexec as per:
## https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1991975 ## https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1991975
intended_mount_options="nosuid,noexec" intended_mount_options="nosuid,noexec"
remount_secure "$@" remount_secure
} }
_dev_shm() { _dev_shm() {
mount_folder="/dev/shm" mount_folder="/dev/shm"
intended_mount_options="nosuid,nodev${noexec_maybe}" intended_mount_options="nosuid,nodev${noexec_maybe}"
remount_secure "$@" remount_secure
} }
_tmp() { _tmp() {
mount_folder="$NEWROOT/tmp" mount_folder="$NEWROOT/tmp"
intended_mount_options="nosuid,nodev${noexec_maybe}" intended_mount_options="nosuid,nodev${noexec_maybe}"
remount_secure "$@" remount_secure
} }
_var() { _var() {
@ -182,19 +182,19 @@ _var() {
## noexec: Not possible. Reason: ## noexec: Not possible. Reason:
## Debian stores executable maintainer scripts in /var/lib/dpkg/info folder. ## Debian stores executable maintainer scripts in /var/lib/dpkg/info folder.
intended_mount_options="nosuid,nodev" intended_mount_options="nosuid,nodev"
remount_secure "$@" remount_secure
} }
_var_tmp() { _var_tmp() {
mount_folder="/var/tmp" mount_folder="/var/tmp"
intended_mount_options="nosuid,nodev${noexec_maybe}" intended_mount_options="nosuid,nodev${noexec_maybe}"
remount_secure "$@" remount_secure
} }
_var_log() { _var_log() {
mount_folder="$NEWROOT/var/log" mount_folder="$NEWROOT/var/log"
intended_mount_options="nosuid,nodev,noexec" intended_mount_options="nosuid,nodev,noexec"
remount_secure "$@" remount_secure
} }
_lib() { _lib() {
@ -202,13 +202,13 @@ _lib() {
## Cannot use noexec on /lib as per: ## Cannot use noexec on /lib as per:
## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25 ## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25
intended_mount_options="nosuid,nodev" intended_mount_options="nosuid,nodev"
remount_secure "$@" remount_secure
} }
_home() { _home() {
mount_folder="$NEWROOT/home" mount_folder="$NEWROOT/home"
intended_mount_options="nosuid,nodev${noexec_maybe}" intended_mount_options="nosuid,nodev${noexec_maybe}"
remount_secure "$@" remount_secure
} }
end() { end() {