review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Kees Cook <keescook@chromium.org>
	Wed, 22 Dec 2021 12:50:20 +0000 (17:50 +0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 30 Dec 2021 12:54:42 +0000 (13:54 +0100)
commit	28f0c335dd4a1a4b44b3e6c6402825a93132e1a4
tree	bedbed9cd81bfd3985845a7d57ae0ea6bc22ea2f	tree \| snapshot
parent	67aa58e8d4b07b436971326af6319258e0926f33	commit \| diff

devtmpfs: mount with noexec and nosuid

devtmpfs is writable. Add the noexec and nosuid as default mount flags
to prevent code execution from /dev. The systems who don't use systemd
and who rely on CONFIG_DEVTMPFS_MOUNT=y are the ones to be protected by
this patch. Other systems are fine with the udev solution.

No sane program should be relying on executing from /dev. So this patch
reduces the attack surface. It doesn't prevent any specific attack, but
it reduces the possibility that someone can use /dev as a place to put
executable code. Chrome OS has been carrying this patch for several
years. It seems trivial and simple solution to improve the protection of
/dev when CONFIG_DEVTMPFS_MOUNT=y.

Original patch:
https://lore.kernel.org/lkml/20121120215059.GA1859@www.outflux.net/

Cc: ellyjones@chromium.org
Cc: Kay Sievers <kay@vrfy.org>
Cc: Roland Eggner <edvx1@systemanalysen.net>
Co-developed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/r/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/base/Kconfig		diff \| blob \| history
drivers/base/devtmpfs.c		diff \| blob \| history