devtmpfs: mount with noexec and nosuid

Since devtmpfs is writable, make the default noexec,nosuid as well. This
protects from the case of a privileged process having an arbitrary file
write flaw and an argumentless arbitrary execution (i.e. it would lack
the ability to run "mount -o remount,exec,suid /dev").

Rather than relying on userspace "mount -o remount,noexec,nosuid /dev",
accomplish this from the kernel. This means no additional exec during
(potentially time-sensitive) boot is needed. The kernel is responsible
for this mount, so the mount flags should be configurable.

Cc: ellyjones@chromium.org
Cc: Kay Sievers <kay@vrfy.org>
Cc: Roland Eggner <edvx1@systemanalysen.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
v3:
- use a single define for the mount flags, suggested by Greg K.H.
v2:
- use CONFIG_DEVTMPFS_SAFE to wrap the logic.
2 files changed
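
A check for the mount state this change aims for, as an added example that is not part of the patch or the kernel tree: it reads a mount table in /proc/self/mounts format and reports every devtmpfs mount that lacks noexec or nosuid. The function name, exit-status convention and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the patch): audit devtmpfs mount flags.
# Input on stdin uses the /proc/self/mounts layout:
#   <source> <mountpoint> <fstype> <options> <dump> <pass>
# Exit status (hypothetical convention for this example):
#   0 = every devtmpfs mount has noexec and nosuid
#   1 = at least one devtmpfs mount lacks a flag (one line printed per mount)
#   2 = no devtmpfs mount found in the input
audit_devtmpfs() {
    awk '
    $3 == "devtmpfs" {
        seen = 1
        has_noexec = 0; has_nosuid = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "noexec") has_noexec = 1
            if (opt[i] == "nosuid") has_nosuid = 1
        }
        missing = ""
        if (!has_noexec) missing = missing " noexec"
        if (!has_nosuid) missing = missing " nosuid"
        if (missing != "") {
            printf "%s: missing%s\n", $2, missing
            bad = 1
        }
    }
    END {
        if (!seen) exit 2
        exit bad + 0
    }'
}

# Constructed sample mount tables (not captured from a real system).
SAMPLE_DEFAULT='devtmpfs /dev devtmpfs rw,relatime,size=4096k,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='devtmpfs /dev devtmpfs rw,nosuid,noexec,relatime,size=4096k,mode=755 0 0'

for table in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED"; do
    if printf '%s\n' "$table" | audit_devtmpfs; then
        echo "ok: devtmpfs is noexec,nosuid"
    else
        echo "audit status: $?"
    fi
done
# On a live system: audit_devtmpfs < /proc/self/mounts
```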