From 73c274c27a7dd28599df1f3112de084e58b3aebf Mon Sep 17 00:00:00 2001
From: Tom Gundersen
Date: Mon, 6 Dec 2010 12:59:05 +0100
Subject: mount: forbid suid,exec,dev from /proc and /sys

This is the counterpart to a similar patch to initscripts, making sure that the change applies regardless of whether initrd is used. Thanks to David Reisner for pointing out that this was needed.
---
 init | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'init')
diff --git a/init b/init
index 27f43f2..83cd75c 100644
--- a/init
+++ b/init
@@ -5,8 +5,8 @@
 . /init_functions
 msg ":: Loading Initramfs"
-/bin/mount -t proc proc /proc
-/bin/mount -t sysfs sys /sys
+/bin/mount -t proc proc /proc -o nosuid,noexec,nodev
+/bin/mount -t sysfs sys /sys -o nosuid,noexec,nodev
 if grep -q devtmpfs /proc/filesystems 2>/dev/null; then
 /bin/mount -n -t devtmpfs udev /dev -o mode=0755,size=10M,nosuid
 else
-- 
cgit v1.2.3-24-g4f1b
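Review bot: The two hardened `/bin/mount` lines for /proc and /sys carry no comment explaining why `nosuid,noexec,nodev` is set or that the same options are expected in the initscripts counterpart named in the commit message, so a later edit on either side can drop them unnoticed. I would add above them `# /proc and /sys need no setuid files, executables or device nodes; keep these options in step with initscripts`. The exit status of both mounts is still ignored, so a rejected option string would presumably leave the script running without /proc or /sys; whether the flags actually hold on the booted system can be confirmed by reading the /proc and /sys entries in `/proc/mounts`. The `if`/`else` that follows continues outside the hunk, so the fallback /dev mount is not visible here.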